Keep safe and secure with the use of database properties inside your app

Robin_van_Kuijk · October 2, 2020, 5:44pm

Hi Backendless team,

I have a general question regarding the safe use of Backendless.
Since my start with Backendless I try to avoid presenting unnecessary database properties to the user (inside my app)
For instance, I am not sharing relevant table information like objectId’s, ownerId’s and so on, to prevent abuse/hacking my Backendless database.
What if I do present objectId information to the app user? Is this ok to do?
Because now I am diving into real time listeners of Bulk updates, I get objectId’s inside my app.
I am not sure if I want this, so that is making me ask you this question.
I hope you can share me your guidance on this subject.

Best regards,
Robin

Marina.Kan · October 6, 2020, 1:38pm

Hi, @Robin_van_Kuijk

Sorry you need to wait. Security is a top priority for us. That`s why we offer our developers multiple security levels such as roles-based policies, global permissions, local permissions, owner policy and other. You can read more in our blog.
If you present objectId information to the app use you can restrict the actions that users can perform using our security levels, which I described above.

Regards,
Marina