NextDB Security FAQ

Does the API simply execute SQL from the client?
No. Any database that permitted 'raw' SQL access over the Internet would be insecure.

How does the API prevent tampering with the queries?
NextDB queries are precompiled, parameterized, and secured against 'SQL injection' attacks. The NextDB API does not allow ad-hoc queries.

Can't someone gain access to the data outside their permission by tampering with parameters?
Consider a hypothetical application with a table named 'PERSONAL_DATA'. A secure query of the 'PERSONAL_DATA' table would retrieve only a single row, and would include a query parameter known only to the owner of the data (for example, a strong password) to enforce authentication. It is the responsibility of the application to create secure queries and to perform appropriate security testing.
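
The single-row query described above, as an added example that is not NextDB code: it uses Python's sqlite3 with an assumed PERSONAL_DATA schema (owner, salt, secret_hash, data), constructed sample rows, and a hypothetical kdf SQL helper. It sets a query keyed only on a caller-chosen identifier beside one that also binds the owner's secret.

```python
import hashlib
import os
import sqlite3

# Assumed schema and constructed sample rows; NextDB's real query syntax
# is not shown on the page.
ROWS = [("alice", "correct horse battery", "alice-record"),
        ("bob", "staple tangerine 42", "bob-record")]

def kdf(secret, salt):
    # Salted, slow hash so the table never stores the owner's secret itself.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def make_db():
    db = sqlite3.connect(":memory:")
    db.create_function("kdf", 2, kdf)  # hypothetical SQL helper for this demo
    db.execute("CREATE TABLE PERSONAL_DATA ("
               "owner TEXT PRIMARY KEY, salt BLOB, secret_hash BLOB, data TEXT)")
    for owner, secret, data in ROWS:
        salt = os.urandom(16)
        db.execute("INSERT INTO PERSONAL_DATA VALUES (?, ?, ?, ?)",
                   (owner, salt, kdf(secret, salt), data))
    return db

# Keyed only on an identifier the caller chooses: changing the parameter
# returns a different owner's row.
WEAK = "SELECT data FROM PERSONAL_DATA WHERE owner = ?"

# Also bound to a value only the owner knows; at most one row can match.
STRONG = ("SELECT data FROM PERSONAL_DATA "
          "WHERE owner = ? AND secret_hash = kdf(?, salt) LIMIT 1")

def fetch(db, query, *params):
    # Parameters are bound, never concatenated into the SQL text.
    row = db.execute(query, params).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print(fetch(db, WEAK, "bob"))                               # parameter changed to another owner
    print(fetch(db, STRONG, "bob", "correct horse battery"))    # another owner's secret
    print(fetch(db, STRONG, "alice", "correct horse battery"))  # the owner's own secret
    print(fetch(db, STRONG, "alice", "' OR '1'='1"))            # quote characters bound as data
```

Security testing of an application's queries can follow the same pattern: call each query with another owner's identifier and with quote characters in every parameter, and confirm that no row comes back.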

How does NextDB use HTTP Referrer headers?
For each database, you can independently set the HTTP referrers that are allowed to access the database. Database access will be denied for any HTTP request that originates from a web page that is not on the list of allowed HTTP referrers.

How does NextDB use encryption?
SSL is used for all traffic to and from your databases. Physical database files on the server are encrypted.