Mobile app and SimpleDB direct 'Access Policy'

有些话、适合烂在心里 submitted on 2019-12-23 04:29:06

Question


I'd like to use SimpleDB for a mobile app. I have user accounts so I would have a 'TVM' which would authenticate the user and return a time-limited token allowing the mobile app to directly make SimpleDB calls.

I believe however there is no way to do this securely assuming the app needs to be able to write and select from the database. A malicious user could simply retrieve the token and write their own SimpleDB calls which could write anything to the DB.

Is it true that the only way to securely do writes to SimpleDB is to have all the calls made through my webserver to SimpleDB?

Here would be my Access Policy.

{
  "Action": [
    "sdb:PutAttributes",
    "sdb:Select*"
  ],
  "Effect": "Allow",
  "Resource": "arn:aws:sdb:us-east-1:123456789012:domain/mySDBDomain"
}

Answer 1:


Yes, you need to have a gateway/proxy application of sorts somewhere to provide the additional level of validation and security that you're looking for. On the bright side it really doesn't have to be anything fancy.

A small web server with code written in your favorite language running on a micro-instance (assuming you won't get too much traffic) which simply takes requests from your mobile application, performs some small level of validation (i.e. that the format of the data matches what you'd expect to see from your clients) and then sends it off as a properly formatted PUT-request to your SimpleDB domain.
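
The validation step such a gateway performs could look like the following. This is an added example, not code from the original question or answer. The attribute schema, the `user-` item naming and the function names are assumptions; the returned keys follow the SimpleDB PutAttributes parameters (DomainName, ItemName, Attributes), and the actual call to SimpleDB is left out so the block runs offline.

```python
import re

DOMAIN = "mySDBDomain"      # domain name from the policy in the question
MAX_SDB_BYTES = 1024        # SimpleDB limit for an attribute value

# Hypothetical app schema: the only attributes a client may write, each with
# the pattern its value must match. Anything else is rejected.
ALLOWED_ATTRIBUTES = {
    "display_name": re.compile(r"[\w .-]{1,64}"),
    "high_score": re.compile(r"[0-9]{1,9}"),
}
USER_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")


class ValidationError(ValueError):
    """Raised when a client request must not be forwarded to SimpleDB."""


def build_put_request(authenticated_user, payload):
    """Validate a client payload and return PutAttributes keyword arguments.

    authenticated_user comes from the gateway's own session check, never from
    the request body, so a client cannot choose whose item it writes.
    """
    if not isinstance(authenticated_user, str) or not USER_ID.fullmatch(authenticated_user):
        raise ValidationError("bad user id")
    if not isinstance(payload, dict) or not payload:
        raise ValidationError("payload must be a non-empty object")
    attributes = []
    for name, value in sorted(payload.items()):
        pattern = ALLOWED_ATTRIBUTES.get(name)
        if pattern is None:
            raise ValidationError(f"attribute not allowed: {name!r}")
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise ValidationError(f"bad value for {name!r}")
        if len(value.encode("utf-8")) > MAX_SDB_BYTES:
            raise ValidationError(f"value too long for {name!r}")
        attributes.append({"Name": name, "Value": value, "Replace": True})
    # The item name is derived server-side from the authenticated identity.
    return {"DomainName": DOMAIN, "ItemName": f"user-{authenticated_user}",
            "Attributes": attributes}
```

With this in place, only the gateway holds credentials carrying `sdb:PutAttributes`, and every write is limited to the caller's own item and the whitelisted attributes.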



Source: https://stackoverflow.com/questions/8528670/mobile-app-and-simpledb-direct-access-policy
