I am new to OrientDB. I am going through the REST APIs and I am not able to understand the security of the APIs. I don't have much experience with backend development (I am a front end developer), so please help me clarify some points here:
- As I can see, all the GET requests are open, as in, if I know the URL & the record or class name I can simply type it in the web browser & anyone can access all the records. How is this data protected?
- How do access tokens or sessions work with the REST APIs?
This might be a very basic question, but since I have just started learning it, please suggest the right approach or any useful resources.
Thanks.
All REST requests are authenticated using HTTP authentication. If you have OrientDB Studio open, then you are already authenticated and the browser will not ask again for user/password. Try to open a new anonymous browser window and send a REST call; you will see the popup asking for user/password.
Here you can find additional info about HTTP and sessions:
http://orientdb.com/docs/last/OrientDB-REST.html
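
The behaviour described in the answer above, as an added example that is not part of the original thread and is not OrientDB code: a local stub server stands in for a REST endpoint protected by HTTP Basic authentication, and a client shows that a request without credentials receives a 401 challenge (the response that makes a browser show the login popup). The credentials, realm and request path are constructed for the demo.

```python
import base64, hmac, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed credentials for the stand-in server below, not OrientDB defaults.
USER, PASSWORD = "reader", "example-password"
EXPECTED = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()

class StubRestHandler(BaseHTTPRequestHandler):
    """Local stand-in for a REST endpoint that enforces HTTP Basic auth."""
    def do_GET(self):
        sent = self.headers.get("Authorization", "")
        if not hmac.compare_digest(sent.encode(), EXPECTED.encode()):
            # This challenge header is what makes a browser show the login popup.
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="stub database"')
            self.end_headers()
            return
        body = b'{"result": "record visible to an authenticated user"}'
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass

def fetch(url, credentials=None):
    """GET url, optionally with Basic auth; return (status, WWW-Authenticate)."""
    req = urllib.request.Request(url)
    if credentials:
        token = base64.b64encode(":".join(credentials).encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, resp.headers.get("WWW-Authenticate")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("WWW-Authenticate")

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), StubRestHandler)  # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/document/demo/1"  # constructed path
    try:
        return {"anonymous": fetch(url),
                "wrong_password": fetch(url, (USER, "guess")),
                "authenticated": fetch(url, (USER, PASSWORD))}
    finally:
        server.shutdown()
        server.server_close()
```

Calling `run_demo()` returns the status and challenge header for each of the three requests; only the one carrying the correct credentials gets a 200.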