I'm new to Couchbase and I couldn't find any source regarding my question.
I intend to develop a mobile application using Cordova (PhoneGap), and I think Couchbase is a good solution as a database. But I have a question regarding security.
If I use the Couchbase Lite PhoneGap plugin, my server IP appears in my "Sync-Gateway-config.json" file. So people can use the REST API to reach all data that is served by their channels, can't they?
For example, a user gets their own data with this code: ViewQuery.from('users', 'by_name').key("aUserName"); If someone reads this code and gets the server address, design and bucket name, then he/she can get all user records.
How can I prevent this case?
Buckets in Couchbase can be protected by a password. You can define a secure bucket by requiring an access password. Then at runtime you can inject that password (so no cleartext password is stored in your configuration).
Read about Couchbase data storage: "Buckets provide a secure mechanism for organizing, managing, and analyzing data storage resources...SASL authenticating Couchbase buckets may only be placed on port 11211 and each bucket is differentiated by its name and password...Couchbase Server allows you to configure different ports to access different buckets, and gives you the option to access isolated buckets using either the binary protocol with SASL authentication"
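One way to do the runtime injection described in the answer above, as an added example that is not part of the original posts or Couchbase's own code. It assumes a Sync Gateway style JSON config with `databases`, `server`, `bucket`, `username` and `password` keys; the `SG_<DB>_PASSWORD` environment variable name and the host are hypothetical.

```python
import copy
import os
from urllib.parse import urlsplit

# Constructed sample template: layout and key names are assumptions,
# the host is a placeholder, and no secret is stored in it.
TEMPLATE = {"databases": {"users": {
    "server": "http://couchbase.example.internal:8091",
    "bucket": "users", "username": "users"}}}


def find_cleartext_secrets(config):
    """Return 'db.field' for every credential stored in the config itself."""
    findings = []
    for name, db in config.get("databases", {}).items():
        if db.get("password"):
            findings.append(f"{name}.password")
        # A password can also hide in the URL userinfo (user:pass@host).
        if urlsplit(db.get("server", "")).password:
            findings.append(f"{name}.server")
    return findings


def render_config(template, env=os.environ):
    """Copy the template and fill each bucket password from the environment."""
    leaks = find_cleartext_secrets(template)
    if leaks:
        raise ValueError(f"cleartext credentials in template: {leaks}")
    config = copy.deepcopy(template)
    for name, db in config["databases"].items():
        var = f"SG_{name.upper()}_PASSWORD"  # hypothetical naming scheme
        if not env.get(var):
            raise KeyError(f"{var} is not set; refusing to start without it")
        db["password"] = env[var]
    return config


if __name__ == "__main__":
    # Constructed demo value; in deployment pass os.environ instead and
    # write the rendered file with owner-only permissions.
    demo_env = {"SG_USERS_PASSWORD": "constructed-demo-secret"}
    rendered = render_config(TEMPLATE, demo_env)
    print(sorted(rendered["databases"]["users"]))
```

The template can be committed to source control because it never holds the password; the rendered config exists only on the server that runs the gateway.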