What about security? #16
Description
I've been digging through articles like this one to find a good backend solution for my front end web app I'm trying to build in ember.js. So far I've found a few solutions like Parse and FireBase but they all seem to have a big flaw when it comes to security, one requires that the keys to access the REST api be embeded in the app.js file and the other is just making post and get requests over to a URL without any sort of authentication. It seem like this is a pretty simple backend to get set up but I'm wondering how it does in terms of security. Can someone just go in and grab the code required to make posts to the mongodb database and potentially perform man in the middle attacks or injections of some sort? My app will be run on an SSL certificate since there is also a payment portion built on top of stripe but I'm not convinced that is going to be enough for this type of security vulnerability.
Can anyone shed some light on this topic for me?