Query: Accessing CBL server from 3rd party application #1520

Closed
msanilkumar2020 opened this issue Nov 24, 2016 · 7 comments

@msanilkumar2020

msanilkumar2020 commented Nov 24, 2016

In iOS, is it possible for a 3rd party app to access the CBL server using REST requests (knowing the db name and credentials)?

In Android, this security issue is reported in the link below:
couchbase/couchbase-lite-java-listener#48 (comment)

Is this issue applicable to iOS also?

Thanks,
Anil Kumar


  • Version: 1.3.1
  • Client OS: iOS 10, Xcode 8
@msanilkumar2020
Author

Do you have any update on this query? I want to know the behaviour of iOS.

Thanks,
Anil Kumar

@pasin
Contributor

pasin commented Dec 12, 2016

You can use CouchbaseLite Listener to enable REST access. You can also set up users' credentials as well.

See https://github.com/couchbase/couchbase-lite-ios/blob/master/Listener/CBLListener.h#L85.

pasin closed this as completed Dec 12, 2016
@NitzDKoder

NitzDKoder commented Mar 30, 2017

@pasin we are running the Cordova-based app with CouchbaseLite Listener running. How secure is the iOS module? Please confirm.

Android has the below issues open:

couchbase/couchbase-lite-java-listener#48
couchbase/couchbase-lite-java-listener#78

Thanks
Nithin

@pasin
Contributor

pasin commented Mar 30, 2017

@NitzDKoder

  1. The iOS PhoneGap plugin uses an internal custom URL protocol which is bound to the process.
  2. I believe iOS already supports OPTIONS request. Do you have CORS issue with iOS?

@NitzDKoder

1) "bound to the process" meaning other apps can't access it?

Is there a server concept in iOS too? PCAP will have traces of HTTP/custom URL used? SSL is not needed?

https://github.com/couchbase/couchbase-lite-ios/wiki/LiteServ-With-SSL

2) We do have a CORS issue in iOS 10; will share more info soon.
#1496

Thanks
Nithin

@NitzDKoder

@pasin your thoughts on above?

@pasin
Contributor

pasin commented Aug 4, 2017

@NitzDKoder Sorry, I missed your questions.

> Is there a server concept in iOS too? PCAP will have traces of http/custom url used? SSL is not needed?

The CBL iOS PhoneGap plugin doesn't start the listener (see the code here). It uses an internal custom URL protocol (a subclass of NSURLProtocol) that allows requests with the internal URL scheme to be handled directly. I don't think PCAP will have the traces. There are some good articles about NSURLProtocol such as here and here. So no SSL is needed. On the other hand, this means that with the iOS PhoneGap plugin, you are not able to access the local database via HTTP requests from outside the app.

> 2)We do have cors issue in iOS 10, will share more info soon.

To use the local database from outside the app, you will need to spin up the listener object. I'm not sure how this will work in a real app, as when the app goes into background mode, there is a time limit set by the OS for tasks to run. I'm not sure what the CORS issue that you have is. Can you describe it in more detail or open a new ticket? I saw @jamiltz submitted a PR related to CORS to add a CORS-enabled flag to LiteServ, which utilizes the listener object. You can check that as well to see if it could solve the issue that you have.
