Securing your cloud keys

CDC is middleware that runs on the client side to access your cloud data services. This means that the access keys to your data services must be stored in the client.
If all parts of your service are publicly available, or if you run your application in a controlled environment such as an intranet, this may not be a problem (except that some people may post inappropriate content).

If you must restrict or protect access to your cloud services, you will have to protect those access keys.

 

One thing to keep in mind is that, in a web application, it is almost impossible to secure data on the client. Whatever method you use, anyone smart enough to open the browser development tools will get your access keys in a few minutes, whether by debugging your code or by inspecting the HTTP headers in the requests to your cloud services.
The best you can do is make your keys hard to find, or hard to get (for example, storing a hash of the key instead of the key itself).


Relying on authentication

One way to protect your keys is to send them to the client only for authorized people. The key itself would not be secured in the client, but you would limit the risk substantially.
The drawback is that you will have to manage some custom services on your own, both for authentication and for retrieving the access keys. It is strongly recommended to use HTTPS for those services.


Making proxies to cloud services

Another way to protect access to your cloud services is to not access them directly from the client. You could implement your own set of services (using ASP.NET Web API, Node.js, ...) that act as a proxy to your cloud services. In that case, you provide an authentication mechanism for your API, and use CDC with the Restful provider. It means
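
The proxy approach described above, as an added example (not CDC code and not from the original page): the request-handling core of a Node.js proxy that authenticates the caller with a signed session token and attaches the cloud access key on the server, so the key never reaches the browser. The header names, route allow-list, upstream host and both secrets are hypothetical, constructed values.

```javascript
const crypto = require('node:crypto');

// Constructed values: in production both secrets come from server-side
// configuration and are never part of the code shipped to the browser.
const CLOUD_ACCESS_KEY = 'constructed-cloud-key-0001';
const SESSION_SECRET = 'constructed-session-secret';
const UPSTREAM = 'https://cloud.example.invalid'; // placeholder host
const ALLOWED = [/^\/tables\/[a-z0-9_]+$/];        // hypothetical routes

const sign = (payload) =>
  crypto.createHmac('sha256', SESSION_SECRET).update(payload).digest('hex');

// Called by your own login service once it has checked the credentials.
function issueToken(user, ttlMs, now = Date.now()) {
  const payload = `${user}.${now + ttlMs}`;
  return `${payload}.${sign(payload)}`;
}

// Returns the user name, or null if the token is malformed, forged or expired.
function verifyToken(token, now = Date.now()) {
  const m = /^(.+)\.(\d+)\.([0-9a-f]{64})$/.exec(String(token || ''));
  if (!m) return null;
  const [, user, expires, mac] = m;
  const expected = Buffer.from(sign(`${user}.${expires}`), 'hex');
  // Constant-time comparison; both buffers are 32 bytes at this point.
  if (!crypto.timingSafeEqual(Buffer.from(mac, 'hex'), expected)) return null;
  return Number(expires) > now ? user : null;
}

// Maps a browser request to { status } (rejected) or { upstream } (to forward).
function planRequest(req, now = Date.now()) {
  const auth = req.headers.authorization || '';
  const user = verifyToken(auth.replace(/^Bearer /, ''), now);
  if (!user) return { status: 401 };
  // The allow-list keeps the proxy from relaying arbitrary upstream paths.
  if (!ALLOWED.some((re) => re.test(req.path))) return { status: 404 };
  return { upstream: { method: req.method, url: UPSTREAM + req.path,
    // Hypothetical header names; the key is attached here, server-side only.
    headers: { 'x-access-key': CLOUD_ACCESS_KEY, 'x-end-user': user } } };
}

// Only status and body go back to the browser; upstream headers are dropped.
function toClientResponse(upstreamRes) {
  return { status: upstreamRes.status, body: upstreamRes.body };
}
```

To use it, call `planRequest` from your HTTPS server's request handler, send `plan.upstream` with the HTTP client of your choice, and pass the result through `toClientResponse`.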