https://api.backendless.com/38B73A93-FFCB-154C-xxxxxxxx/F82811A8-8842-4148-93DF-xxxxxxxxxxx/data/keygameHOST1
they already know the address of the REST API and then the attack takes all the data in the data table and shares it online
how to prevent this (or encrypt the information in the data)
You need to restrict access to only authenticated users. Here are a few links about the Backendless Security model:
https://backendless.com/docs/rest/users_global_permissions.html
https://backendless.com/docs/rest/users_asset_container_permissions.html
https://backendless.com/docs/rest/data_security.html
Regards,
Mark
Is there a way to encrypt data when viewing?
Yes, but how will your app decrypt it?
eg:
{
“keydate”: “1”,
“islock”: false,
“code”: “BLADEX-1D-35CB7C4C2C5D4B1F9B7A”,
}
Encode
{
“keydate”: “1”,
“islock”: false,
“code”: “XXXXXXXXXXXXXXXXXXXXXXXXXX”,
}
When returning to my application we will call decode(XXXXXXXXXXXXXXXXXXXXXXXXXX)
and will get the result: BLADEX-1D-35CB7C4C2C5D4B1F9B7A
You can add an event handler for the data retrieval APIs and encode your data there. For more information about event handlers see the documentation at:
https://backendless.com/docs/bl-js/bl_event_handlers.html
Regards,
Mark
to get Business Logic
Do I have to buy this?
No. I recommend going through the Quick Start page:
https://backendless.com/docs/bl-js/bl_eventhandlers_getting_started_js.html
