Login & Security - JS SDK

Juan Bermudez

Mar 22, 2012, 11:21:26 AM
to cocoafi...@googlegroups.com
I have been trying out cocoafish with Backbone.js and just wanted to see if the way I am handling login with cocoafish is safe.

I took the cocoafish web app example and I just use the testAuthUser to check if I should initiate the application. 
It works now, and since backbone is a single page app I don't see any issue in letting the user access the rest of the app based on his ID and that he was authenticated to enter this area of the app. 

It also worries me a bit that the API key is in the utils.js. Is this a potential security concern? Someone checking the API key and making calls on my behalf?

Any advice is welcome. 

Thanks. 

Wei Kong

Apr 14, 2012, 7:23:22 PM
to cocoafi...@googlegroups.com
Hi,

In the JavaScript case, the key is open. In our upcoming release, we support disabling user creation from the API so that user registration is only allowed from the web console, and also disabling API access for non-registered users. In that case, having an exposed key is OK.

We are working on a keyless client for the next release.

Thanks,
Wei