Realm Cloud security


#1

I am working on an iOS project that will use Realm Cloud to store synced data. Looking through the instance configuration on the web I could not find any type of security features such as an API key or public/private key setup. What can I do to prevent someone from messing with my instance if they find out my URL? I would like to limit access to just my app.


#2

Thats a great question, I’m interested in it too :slight_smile:


#3

@matheda Currently we do not have an app token but it is in a backlog for a future release. Because app tokens can be easily reverse engineered we recommend restricting how easy it is to obtain an authenticated user such as email / sms verification, IP blocking, unique device tokens computed in the native layer.


#4

@ianward Am I able to do any of those things with a Realm-hosted instance? I can write security into my app, but it appears to me that anyone with my instance’s URL can at the very least create Realms on my instance and fill them up with garbage.


#5

Still hoping to get some guidance on this. Would love to move forward with Realm, but I can’t without knowing that my backend database is going to be secure.


#6

+1 have the same issue