0

I built a very simple AngularJS Shop App that creates product orders. As of now, the app just sends orders via email to the customer and retailer using PHP, but I thought it might be good to learn a bit about how to use databases, and store/retrieve these orders (which are arrays) in Cloudant.

But then I realized that to connect to the Cloudant service, the call looks like this:

https://{username}:{password}@username.cloudant.com/DB

I assume this is not very safe at all, as the call and credentials would be visible for anyone.

Also, in the App there's no need at all for anyone to have an account or login, which would partially help with security.

As I have 0 experience with Node or any other backend system, I'm wondering: Is it possible to make secure calls to a Cloudant service using only AngularJS (or PHP to store the sensitive values)?

I've read a bit about the one db per user, but it doesn't seem to help in my case, where I need one single DB to store all my orders.

Any tips would be highly appreciated.

3
  • Are you making these requests from the client or server side? Hardcoded auth info is only publicly available if you're making those calls on the front-end. If it's back-end code, end users will normally never get to see it. Commented Feb 24, 2017 at 23:14
  • Client side! Nothing from the app is server side right now, it's all front end except the PHP document sending the emails. Commented Feb 24, 2017 at 23:16
  • 1
    I would suggest taking a look at Hoodie, a framework which has tools and APIs for this. Commented Feb 24, 2017 at 23:18

2 Answers

2

If you need to expose your credentials in your API calls, you'd better not make them from the front-end. If you're using Angular and PHP, the easiest way to hide your auth info from the public would be the following:

  • Create a PHP file and move your API code to the back-end.
  • This will be a bit of work, but in the end the service login should happen on the server. This file should receive requests from the client and transmit them to the remote service, then return its response to the client.
  • Use AJAX on the front-end to make calls to the above PHP file, and proceed displaying its response to the user like you would handle an API response.

This way your API credentials aren't exposed to anyone checking your page's HTML source and you can keep most of your front-end logic the way you have it set up already.
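The relay described in this answer could look like the following. This is an added example, not part of the original answer or the linked sample repo. The file name `save_order.php`, the environment variable names, the `orders` database name and the `email`/`items` order fields are all assumptions.

```php
<?php
// save_order.php: server-side relay between the AngularJS app and Cloudant.
// Assumptions (not from the original post): credentials live in the
// environment variables below, and the database is named "orders".
declare(strict_types=1);
header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit(json_encode(['error' => 'POST only']));
}

// Accept only the fields an order needs; never forward the raw client body,
// or the endpoint becomes an open write proxy to the database.
$in = json_decode(file_get_contents('php://input'), true);
if (!is_array($in) || empty($in['items']) || !is_array($in['items'])
    || !filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL)) {
    http_response_code(400);
    exit(json_encode(['error' => 'invalid order']));
}
$doc = [
    'type'    => 'order',
    'email'   => $in['email'],
    'items'   => array_values($in['items']),
    'created' => gmdate('c'),
];

// Credentials are read on the server only and never reach the browser.
$account = getenv('CLOUDANT_ACCOUNT');
$ch = curl_init("https://{$account}.cloudant.com/orders");
curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => json_encode($doc),
    CURLOPT_HTTPHEADER     => ['Content-Type: application/json'],
    CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,
    CURLOPT_USERPWD        => getenv('CLOUDANT_USER') . ':' . getenv('CLOUDANT_PASS'),
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_TIMEOUT        => 10,
]);
$body   = curl_exec($ch);
$status = curl_getinfo($ch, CURLINFO_HTTP_CODE);

// Return only success/failure and the document id, not Cloudant's full response.
if ($body === false || $status >= 300) {
    http_response_code(502);
    exit(json_encode(['error' => 'could not store order']));
}
$res = json_decode($body, true);
http_response_code(201);
echo json_encode(['ok' => true, 'id' => $res['id'] ?? null]);
```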


0

As @ppajer said, I strongly discourage using AngularJS to do what you want to do. Leave it on the back-end and use AJAX to make the calls. Take a look at this repo, it may help you: https://github.com/osipov/bluemix-cloudant-php-sample
