Is it a good idea to call Azure Search using 'read key' from a single page javascript application running from a browser? If yes, how secure is it? Does Azure Search provide protection against DOS attack?
Asked
Active
Viewed 416 times
1 Answers
1
In order to use a query key to make requests to Azure Search directly from client-side Javascript, the query key has to be disclosed to the client. From a security perspective you shouldn't trust the client, and should therefore assume that you are publicly disclosing the query key. If you don't mind the contents of your index being made public, then this is fine, but otherwise it is better to have your client code call an intermediate server-side API that authenticates the client before calling Azure Search with the appropriate API key.
Regarding DOS attack protection, there is nothing specific to Azure Search in particular. This question might be of help.
Community
- 1
- 1
Bruce Johnston
- 8,344
- 3
- 32
- 42