LoginSign Up

Forum

customcode setAdminKey safe

0 votes

Hi, app42 support team:

   question 1:  I call storageService.setAdminKey("Admin Key of App") in the customcode,  and call              

                          findAllDocuments . Is it safe for our app42 app?

    Can  haker get my admin key of our app and do damage to my app if I write admin key of app in the customcode?

    question 2: Can I give a read only permission to findAllDocuments when I call findAllDocuments?

Thank you!

 

asked Aug 19, 2014 in App42 Cloud API-BaaS by riovoxtools (45 points)

1 Answer

0 votes

It is totally safe to use Admin Key inside Custom code as there is no way that your code/keys can be seen from the outside world. Custom Code wraps your code inside jar file and uses it for fulfilling the request at run time. Your code remains on the server and no one can get access of your jar file until you yourself distribute URL of your jar file to the outer world.

For giving the permission on doc, you have to first give the access on doc using grantAccessMethod or setting up the default ACL as PUBLIC READ. While you are calling findAllDocuments, it will just check the permission and give you back the target documents. Before calling this method you have to make sure that you have permission on all the docs. In your case, if you are using Admin Key to call this method, it will return all the docs as Admin has full privileges on all the data.

Let us know if it answers your question.

answered Aug 19, 2014 by hs00105 (2,005 points)
Hi, hs00105:
     Why I can't use query function in leaderboard service in custom code?
   My code:
           Query query = QueryBuilder.build(key1, value1, Operator.EQUALS); // Build query q1 for key1 equal to name and value1 equal to John  
        //App42API.set
        App42API.setDbName("<Enter_the_dbName>");  
        mScoreBoardService.setQuery("<Your_Collection_Name>", query);
commented Aug 19, 2014 by riovoxtools (45 points)
And another question:
    When I call findalldocuments, why it only return 100 records?
commented Aug 19, 2014 by riovoxtools (45 points)
Kindly use the below code snippet in your custom code to retrieve the meta info of user.

String key1 = "name";     

String value1 = "John";  

Query query = QueryBuilder.build(key1, value1, Operator.EQUALS);

HashMap<String, String> otherMetaHeaders = new HashMap<String, String>();
JSONObject json = new JSONObject();
json.put("dbName", "Your db name");
json.put("collectionName", "Your collection name");
otherMetaHeaders.put("dbCredentials", json.toString());

mScoreBoardService.setQuery("Your collection name", query);  

mScoreBoardService.setOtherMetaHeaders (otherMetaHeaders);

Game game = mScoreBoardService.getTopNRankers(gameName, 10);

Also, please use the findAllDocumentsByPaging method for finding all the documents by paging from App42 data base.
Let us know if it helps.
commented Aug 19, 2014 by hs00105 (2,005 points)
Download Widgets
Welcome to ShepHertz Product line forum, where you can ask questions and receive answers from the community. You can also reach out to us on support@shephertz.com
...