The beta of DominoDB is out and people are starting to use it.
One of my early-adopting customers started to play around with it and began building a React-based application that uses DominoDB to modify database content. They secured their Proton task using SSL encryption. So far so good. What I did not expect was the flaw in the architecture of the app that I came across when I looked at the source.
The guys were using DominoDB right from the React app, IN THE CLIENT APP ITSELF. The next picture illustrates what I mean by that:
For testing, they opened their firewall at the Proton port and are now communicating via SSL from the browser directly to the Proton task on the server. While this is working, for me as a solution architect this is a big NO-NO, as you expose your client access keys and encryption keys in an end-user application, as well as the server address for your Proton task, the name of the database, etc. DO NOT DO THIS!!!!
From my perspective, DominoDB is always sitting on a server. Period. It is meant to be sitting behind a REST facade that hides the application and server access part from the end user. So my quick redraw of the architecture would look like this:
So the client browser only talks to the reverse proxy, which then accesses resources on Domino (XPages or whatever) or a Node/Express-based REST API that takes care of the Domino-related tasks using DominoDB.
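A sketch of the route logic such a REST API could sit on, added here as an example and not taken from the customer's app or from DominoDB itself: the browser sends one validated search term, and only allow-listed items come back. `listContacts`, `PROTON_CONFIG`, `PUBLIC_ITEMS`, `SAFE_TERM` and the item names are hypothetical, and `fakeDb` is a constructed stand-in for the database handle whose `bulkReadDocuments({ query, itemNames })` call shape is an assumption.

```javascript
// Server-only settings. Placeholder values; in a real service these and the
// client certificate/key come from server-side secret storage, never the bundle.
const PROTON_CONFIG = Object.freeze({
  hostName: 'domino.internal.example', // placeholder, reachable only from the API host
  port: 3002,                          // placeholder Proton port, closed to the internet
  filePath: 'contacts.nsf',            // placeholder database name
});

// Only these items ever leave the server.
const PUBLIC_ITEMS = ['FirstName', 'LastName', 'City'];

// The client may send one search term. It is validated against a strict
// pattern (no quotes) before it goes anywhere near a query string.
const SAFE_TERM = /^[A-Za-z][A-Za-z -]{0,39}$/;

// Route logic for GET /api/contacts?city=... ; `db` is the database handle the
// server opened at startup. Returns { status, body } for the HTTP layer to send.
async function listContacts(db, params) {
  const city = String(params.city || '');
  if (!SAFE_TERM.test(city)) {
    return { status: 400, body: { error: 'invalid city' } };
  }
  const result = await db.bulkReadDocuments({
    query: `Form = 'Contact' and City = '${city}'`,
    itemNames: PUBLIC_ITEMS,
  });
  // Filter again on the way out, so extra items never reach the browser.
  const contacts = (result.documents || []).map((doc) => {
    const out = {};
    for (const name of PUBLIC_ITEMS) {
      if (name in doc) out[name] = doc[name];
    }
    return out;
  });
  return { status: 200, body: { contacts } };
}

// Constructed stand-in for the database handle; it returns extra items on purpose.
const fakeDb = {
  lastQuery: null,
  async bulkReadDocuments({ query }) {
    this.lastQuery = query;
    return { documents: [{ '@unid': 'CONSTRUCTED-UNID', FirstName: 'Ada',
      LastName: 'Lovelace', City: 'London', InternalNotes: 'server only' }] };
  },
};

listContacts(fakeDb, { city: 'London' }).then((r) => console.log(r.status, JSON.stringify(r.body)));
```

In an Express app the handler would pass `req.query` as `params` and send the returned status and body; the React client then only ever knows the `/api/contacts` URL.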
I wasn't prepared to have to write this up, as it seemed logical to me, but maybe it's better to write it down, eh?!
Have your say....