Wouldn’t it make sense to use Fauna directly from the apps?
I have an API application. This application allows users to log in using a server key. It returns a secret to the user after a successful login.
I thought of a scenario like this. What can a user do if he logs in through my app and then gets a secret key?
For example, with this secret key created for him, I wanted to see what kind of results he can get if he queries Fauna directly.
I did a simple thing for this. I queried the users table with the secret key created for it. And as I guessed, the list of all users came back.
There must be a way to prevent the user from running queries as he wishes with his token. Otherwise, it is not very safe to access FaunaDB directly from applications or sites.
My intention was to handle the jobs that require security and the server key through the API and to access FaunaDB directly for other work. I think it is not right for me to do this in the mobile application I will develop now.
Is there anything I overlooked about this?