Mobile app and SimpleDB direct "Access Policy" (tags: policy, direct, SimpleDB)

2023-09-07 11:32:04 Author: 我嫌你埋汰@


I'd like to use SimpleDB for a mobile app. I have user accounts, so I would have a 'TVM' which would authenticate the user and return a time-limited token which would allow the mobile app to directly make SimpleDB calls.

I believe however there is no way to do this securely assuming the app needs to be able to write and select from the database. A malicious user could simply retrieve the token and write their own SimpleDB calls which could write anything to the DB.

Is it true that the only way to securely do writes to SimpleDB is to have all the calls made through my webserver to SimpleDB?

Here would be my Access Policy.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["sdb:PutAttributes", "sdb:Select*"],
      "Effect": "Allow",
      "Resource": "arn:aws:sdb:us-east-1:123456789012:domain/mySDBDomain"
    }
  ]
}

Solution

Yes, you need to have a gateway/proxy application of sorts somewhere to provide the additional level of validation and security that you're looking for. On the bright side it really doesn't have to be anything fancy.

A small web server with code written in your favorite language running on a micro-instance (assuming you won't get too much traffic) which simply takes requests from your mobile application, performs some small level of validation (i.e. that the format of the data matches what you'd expect to see from your clients) and then sends it off as a properly formatted PUT request to your SimpleDB domain.
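A minimal version of the proxy the answer describes, added here as an example and not code from the question or the answer. It assumes the web server has already authenticated the user and knows their id, that the attribute allowlist and the user-id format are constructed for this example, and that `put_attributes` is boto3's SimpleDB `client.put_attributes` called with the server's own credentials, so the mobile app never holds an AWS token that could write arbitrary data to the domain.

```python
import re

# Domain name taken from the ARN in the question's policy.
DOMAIN = "mySDBDomain"

# Constructed allowlist: attribute name -> pattern its value must fully match.
# Anything not listed is rejected before it can reach SimpleDB.
ALLOWED_ATTRIBUTES = {
    "score": re.compile(r"\d{1,6}"),
    "nickname": re.compile(r"[A-Za-z0-9_]{1,32}"),
}
USER_ID_PATTERN = re.compile(r"[A-Za-z0-9-]{1,64}")


class ValidationError(ValueError):
    """Raised for any client input the proxy refuses to forward."""


def build_put_request(user_id, body):
    """Turn an authenticated user's JSON body into PutAttributes parameters.

    The item name comes from the server-side user id, never from the client,
    so a caller can only write their own row; the allowlist stops them from
    inventing attributes or sending oversized values.
    """
    if not isinstance(user_id, str) or not USER_ID_PATTERN.fullmatch(user_id):
        raise ValidationError("bad user id")
    if not isinstance(body, dict) or not body:
        raise ValidationError("body must be a non-empty object")
    attributes = []
    for name, value in body.items():
        pattern = ALLOWED_ATTRIBUTES.get(name)
        if pattern is None:
            raise ValidationError(f"attribute not allowed: {name}")
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise ValidationError(f"bad value for {name}")
        attributes.append({"Name": name, "Value": value, "Replace": True})
    return {"DomainName": DOMAIN, "ItemName": f"user-{user_id}", "Attributes": attributes}


def handle_put(user_id, body, put_attributes):
    """Handler the web server runs after authenticating the user.

    put_attributes stands in for boto3's sdb client.put_attributes (assumed
    signature) using the proxy's own keys. Returns (HTTP status, detail).
    """
    try:
        request = build_put_request(user_id, body)
    except ValidationError as err:
        return 400, str(err)
    put_attributes(**request)
    return 204, request
```

The real "Select" side gets the same treatment: the proxy builds the SimpleDB query from the authenticated user id rather than accepting a query string from the client.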
