David David - 5 months ago 52
iOS Question

How can I securely connect to Cloudant using PouchDB?

I am creating a mobile app for Android and iOS using Cordova/PhoneGap and am using IBM's Cloudant database for storage. I am using the PouchDB javascript library to access the Cloudant database. Currently I have this code to access it...

db = new PouchDB('https://[myaccount].cloudant.com/[mydb]', {
auth: {
username: 'myusername',
password: 'mypassword'

I am aware that this is extremely insecure, and am wondering if there is a more secure way to connect to my database from within the app?


One option you may like to consider is implementing a service (e.g. running in the cloud) for registering new users of your app. Registration logic could look something like this:

  1. The handset code communicates with your application service requesting registration of the user
  2. The service makes a call to Cloudant to create an API key which would is returned to the handset code
  3. The handset code saves the API key 'username' and 'password' on the device. These credentials are then use in the auth: { username: 'myusername', password: 'mypassword' } object.