I know having API keys etc exposed in javascript in a web app is an obvious security threat, even if you obfuscate. However, since I know backendless stores all the needed information from a successful javascript init call in the session, would it be possible to init using php and store the same valid tokens etc in the session for use in subsequent backendless javascript calls? Just a thought, was wondering if this is possible or if anyone has tried it?
Chad.
Hi Chad,
I don’t think it’s possible to init backendless.js through php, but you can try anyway.
Nevertheless, I see no real reasons to dodge this way. Using secret-key and AppID is absolutely safe, if you manage your app restrictions. Please, read this topic:
http://support.backendless.com/t/securing-secret-key-in-frontend-javascript-code
Also I suggest you to watch our webinar about Backendless security:
https://backendless.com/webinars/
Hope it answer all your question and you’ll understand better about security in Backendless.
Regards,
Stanislav