I am wondering what the architecture should look like when using PouchDB as local storage in a mobile app instead of localStorage.
At this
PouchDB on the client side can be in sync with a remote PouchDB. But when an application is built with JavaScript, how do you make sure that people are not inserting data into PouchDB by 'hacking' the client-side JavaScript?
To reduce risk you can remove/redefine the global variable window.PouchDB. So when your code starts (assuming it runs inside a closure), it can do the following:
(function () {
    // your closure: keep a private reference to the constructor
    var PouchDB = window.PouchDB;
    // remove the global so it is no longer reachable as window.PouchDB
    window.PouchDB = null;
    // prevent any further globals from being added to window
    Object.freeze(window);
})();
Now PouchDB is visible inside the closure, but is not visible from the console. The last line freezes the entire window object, so code can not add any global vars after the freeze was executed. You must call Object.freeze(window) after all your libs have been received and initialized. Please note this trick can induce a lot of side effects, so test your code carefully.
Object.freeze guarantees the user can not copy/paste PouchDB's source code into the console and run it, but does not guarantee the user can not access the underlying storage (IDB/WebSQL) directly or via the Resources tab of the console.
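The following is an added example, not code from the answer above or from PouchDB itself. It exercises the capture-null-freeze pattern against a constructed stand-in for the browser's window object (with a fake PouchDB that only records writes) so it runs offline in Node, and it adds the checks a practitioner would run afterwards: that the window is frozen, that window.PouchDB is gone, that the closure can still open a database, and that a later attempt to add a global throws in strict-mode code but fails silently in sloppy-mode code (the kind of side effect the answer warns about). The names makeFakeWindow, sealPouchDB, probe and demo are assumptions of this example.

```javascript
// Constructed stand-in for the browser's window object so this runs offline.
// The fake PouchDB records every put() so the closure path can be observed.
function makeFakeWindow() {
  const writes = [];
  function FakePouchDB(name) {
    this.name = name;
  }
  FakePouchDB.prototype.put = function (doc) {
    writes.push({ db: this.name, doc });
    return { ok: true, id: doc._id };
  };
  return { window: { PouchDB: FakePouchDB, location: 'about:blank' }, writes };
}

// The pattern from the answer: capture the constructor inside a closure,
// null out the global, then freeze the window-like object. Only the functions
// returned here can still reach the constructor.
function sealPouchDB(win) {
  const PouchDB = win.PouchDB; // private reference, visible only in this closure
  win.PouchDB = null;          // console no longer sees window.PouchDB
  Object.freeze(win);          // no new globals after this point
  return {
    openDb(name) { return new PouchDB(name); },
  };
}

// Checks to run after sealing. This function is strict-mode code, so writing a
// new property onto the frozen object throws a TypeError.
function probe(win) {
  'use strict';
  let addGlobalThrew = false;
  try {
    win.injected = 'x';
  } catch (e) {
    addGlobalThrew = e instanceof TypeError;
  }
  return {
    frozen: Object.isFrozen(win),
    pouchdbHidden: win.PouchDB === null,
    addGlobalThrew,
    injectedPresent: 'injected' in win,
  };
}

// Functions built with the Function constructor are always sloppy-mode: the
// same assignment fails silently there, so a third-party script that sets a
// global after the freeze simply stops working without any error.
const sloppyAssign = new Function('obj', 'obj.late = 1; return "late" in obj;');

function demo() {
  const { window, writes } = makeFakeWindow();
  const app = sealPouchDB(window);
  const db = app.openDb('todos');
  db.put({ _id: 'a', title: 'buy milk' }); // closure path still works
  return {
    probe: probe(window),
    sloppyAdded: sloppyAssign(window),
    writes: writes.length,
  };
}

module.exports = { makeFakeWindow, sealPouchDB, probe, demo };
```

Note what the example does not model: the storage layer. Freezing window only governs the JavaScript global object; the documents written through the closure still land in IndexedDB/WebSQL, which the answer itself says remain reachable through the browser's developer tools.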