Web client security
-
All-
Can anyone please help me understand on the Javascript library, where/how are the profileId and anonymousId stored so to be secure? The wrapper sounds like it is JavaScript and doesn't have any native code, is that correct? My app is a hybrid web app using Capacitor/Cordova.
Is there a Cordova/Capacitor plugin for Braincloud? I was not able to find one.
Also, am I correct in saying that when I have a game configured for Android that the Braincloud API's will restrict access to that specific appId/Package Name? The closest example I can give to explain what I am meaning is in Firebase, you can restrict those API calls in the Google APIs so that only apps with the AppId/Package Name can reach your Firebase API.
Thanks in advance,
-Chad -
Hi Chad,
The JS library is using localStorage to store "sessions id", "profile id" and "anonymous id". Username/emails/passwords are not stored. Only the information necessary to restore a previous session. As for implementation details about localStorage, it all depends on the app framework/browser you are using.
There is no native code in our JS library, correct. We do have native versions of the library (C++ and Objective-C). But if you want a web app, those are not useful to you.
We have an NPM module for it and a minified .js file for webpages. There are many frameworks out there, so there might be minor code change to be done depending on which framework you are using.
If you are using our JS library, even inside a framework or on any device (You mentioned Android), the platform used by brainCloud is always going to be "WEB".
Hope this helps. Did I understand your question(s) correctly?
David -
@David-St-Louis-0
On my last question, can you restrict API calls to only be from a specific web domain or mobile app is? Google Api's allowed to restrict calls to firebase to be specifically from an web domain, or the specific app ID's.
Another way to ask it, is there any way to restrict API calls to from a specific location?
Thanks again,
-Chad
