I am using the MongoDB Java driver for my Java client application. It needs to connect to a MongoDB server running remotely.
I am concerned that someone could decompile the JAR, find out the IP address of the MongoDB server, and access it. But the user needs to have read and write access. Should I create a database for each user and authenticate them? Or create a User collection myself?
mongo = new Mongo("mongodb.server", 27017);
db = mongo.getDB("mydatabase");
db.authenticate("test", "password");
Btw, db.authenticate requires a char[] as the password, so that db.authenticate() call is not working.
Another solution I thought of was to use a middleman server which will connect to MongoDB only. The application would connect to the middleman server via HTTP POST.
However, I need to directly store Java objects serialized into JSON in MongoDB, so using the middleman server makes things difficult.
If you are deploying code to clients then you could create a user per db and have them enter it or include it as a resource in your application (unique to each user download).
Generally people don't expose their database directly to their (untrusted) clients. Many people create REST/Remote-APIs for this purpose where each application function requires authentication and can be authorized.
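A sketch of the REST approach the answer describes, added here as an example and not code from the question or the answer: clients POST their serialized JSON with a per-user token, and only the server process would know the database address and credentials. The class name, the `/documents` path, the sample tokens and the in-memory map standing in for MongoDB are all assumptions made for illustration.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;

// Hypothetical middle tier: the only process that would hold database credentials.
public class DocumentGateway {
    // Constructed sample tokens (token -> user); a real service would issue them at login.
    static final Map<String, String> TOKENS = Map.of("token-alice", "alice", "token-bob", "bob");
    // Stand-in for the MongoDB collection: one document list per authenticated owner.
    static final Map<String, List<String>> STORE = new ConcurrentHashMap<>();
    static final int MAX_BODY = 64 * 1024;
    // Returns the user owning the presented bearer token, or null if none matches.
    static String authenticate(String header) {
        if (header == null || !header.startsWith("Bearer ")) return null;
        byte[] presented = header.substring(7).getBytes(StandardCharsets.UTF_8);
        String user = null;
        for (Map.Entry<String, String> e : TOKENS.entrySet()) {
            // MessageDigest.isEqual avoids an early-exit comparison; every entry is scanned.
            if (MessageDigest.isEqual(presented, e.getKey().getBytes(StandardCharsets.UTF_8))) user = e.getValue();
        }
        return user;
    }
    // Authenticates, bounds the body size, then stores the JSON exactly as the client sent it.
    static void handle(HttpExchange ex) throws IOException {
        String user = authenticate(ex.getRequestHeaders().getFirst("Authorization"));
        int status = 201;
        if (!"POST".equals(ex.getRequestMethod())) status = 405;
        else if (user == null) status = 401;
        else {
            byte[] body = ex.getRequestBody().readNBytes(MAX_BODY + 1);
            if (body.length > MAX_BODY) status = 413;
            // Authorization: the owner comes from the token, never from the request body.
            else STORE.computeIfAbsent(user, u -> new CopyOnWriteArrayList<>()).add(new String(body, StandardCharsets.UTF_8));
        }
        ex.sendResponseHeaders(status, -1); // -1: no response body
        ex.close();
    }
    public static void main(String[] args) throws IOException {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 8080), 0);
        server.createContext("/documents", DocumentGateway::handle);
        server.start();
    }
}
```

Decompiling the client JAR then reveals only the gateway URL, and a leaked token exposes one user's documents rather than the database account. In deployment the listener would sit behind TLS so tokens are not sent in clear text.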