SMTP Connection String alternative


#1

I am about to hit the submit button on my iOS app but there’s one last thing that’s bugging me. I am using Realm’s username/password for authentication and it’s very disturbing that Realm uses my cloud’s instance address as the sender’s return address for password resets. Does anyone have a suggestion how I can just change the return address but still use Realm as the authentication method? I’ve purchased a website domain with G Suite but I think the daily sending limit is pretty low. I am so close but I feel it’s a huge security risk having my cloud instance address out there.

Suggestions?


#2

@joshRond Why is this a security concern? Anyone that took a look at your network traffic when running your app would see a lot of connections to your Realm Cloud address


#3

Really? What about this scenario… What if a competitor took my specific cloud instance address, used it in a dummy project, created thousands of dummy accounts, ran up the storage limit, etc? They wouldn’t be able to access my Cloud account or my user’s data but they still could cause me a headache/money.

Is this unrealistic?


#4

Wow you have really nefarious competitors :smiley:

If you want this type of security and protection we recommend using a 3rd party authentication provider - we state this in several places in our docs like here - https://docs.realm.io/server/manage/production-checklist#authentication


#5

I don’t think @joshRond is being unrealistic at all. You don’t have to be a software developer to recognise we are all potentially subject to attack on the internet.

If Realm is going to offer auth, even basic auth, there is a responsibility to offer secure auth.


#6

SSL cert pinning can fix this issue?