Is the Internal Login system really safe?

Wouldn’t it make sense to use the fauna directly from the apps?

I have an API application. This application allows users to log in using a server key. It returns a secret to the user after a successful login.

I thought of a scenario like this. What can a user do if he logs in through my app and then gets a secret key?

For example, with this secret key created for him, I wanted to see what kind of results he can get if he directly queries Fauna.

I did a simple thing for this. I queried the users table with the secret key created for him. And as I guessed, the list of all users came back.

There must be a way to prevent the user from running whatever queries he wishes with his token. Otherwise, it is not very safe to directly access FaunaDB from applications or sites.

My intention was to handle the jobs that require security and the server key through the API and directly access FaunaDB for other work. I think it is not right for me to do this in the mobile application I will develop now.

Is there anything I overlooked about this?

Hey!

It really depends entirely on how you have set up your roles; you have multiple options.

  • You can write a role with membership that provides access to a token (which I guess you did). In that role you have the possibility to write super fine-grained permissions by adding FQL Lambdas in the privileges (which I assume you didn’t do, right?). There is an example Lambda provided in the dashboard which only permits an account/user to read his own data (where his ref is present as an ‘owner’ attribute on the doc you try to read). You can do something similar to only let him read his own user.

  • Use User Defined Functions (UDFs) and only give access to these UDFs to the user. That way the only query they can run is the one you encapsulated in the UDF. There are ample examples of that in the code that accompanies this article: https://css-tricks.com/rethinking-twitter-as-a-serverless-app/
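The two options above, written out as FQL role definitions. This is an added example, not code from the thread or from Fauna's own documentation; the collection name `users`, the role names and the function name `get_my_profile` are assumptions. `CurrentIdentity()` is the newer name of `Identity()`; use whichever your Fauna version supports.

```fql
// Option 1: role whose membership is the "users" collection, so a token
// created for a document in "users" gets exactly these privileges.
// The "read" action is a predicate Lambda instead of "true": the ref
// being read must equal the caller's own identity, so a query like
// Paginate(Documents(Collection("users"))) is denied for every other doc.
CreateRole({
  name: "user_self_read_only",            // assumed name
  membership: [{ resource: Collection("users") }],
  privileges: [
    {
      resource: Collection("users"),
      actions: {
        read: Query(
          Lambda("ref", Equals(CurrentIdentity(), Var("ref")))
        )
      }
    }
  ]
})

// Option 2: wrap the only query the client is allowed to run in a UDF and
// grant the token's role just "call" on that function. The function body
// executes with the role given below, so the client never holds "read"
// on the collection at all.
CreateFunction({
  name: "get_my_profile",                 // assumed name
  body: Query(Lambda([], Get(CurrentIdentity()))),
  role: "server"   // or a dedicated Role ref with only what the UDF needs
})

CreateRole({
  name: "user_udf_only",                  // assumed name
  membership: [{ resource: Collection("users") }],
  privileges: [
    { resource: Function("get_my_profile"), actions: { call: true } }
  ]
})
```

To check either role, create a token with `Create(Tokens(), { instance: Ref(Collection("users"), "<some user id>") })`, run a query with that secret, and confirm that reading another user's document (or paginating the whole collection) fails with a permission error while reading the token owner's own document succeeds.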

Hi, thank you for the answer.

I thought of both of these methods you mentioned. One thing I noticed afterwards was that the Lambda function could be added. I’ve used this for indexes before. I think it took me a while to realize that the same is possible for collections because of the UX problem.

The idea of using user-defined functions is great. As explained in the article you provided, the necessary operations can be done by obtaining the identity information inside the function without the client obtaining any credentials. I need to work a little more on this.

If we evaluate the first method, everyone who uses Fauna must write a Lambda function as you have exemplified here. Wouldn’t it be better to add this Lambda function by default when we create a Role instead of doing this one by one?

In cases where we, as the developers, make mistakes and forget, there is no security vulnerability. For a collection that we add to the role, it is easier to delete the default Lambda when necessary, instead of doing this every time. Maybe you will consider this.

Thank you.