[Feature Request] add cloudCodeKey for cloud code only access #2440
Comments
|
We don't typically track feature requests here in the issue tracker. Perhaps you may want to send a PR? |
|
This could be a solution for #3067 maybe. This has come to me after successfully get some delicate data from Parse hosted websites and apps (even though ACLs and CLPs were set). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The idea behind this feature is to have a key that only has access to cloud code functions.
Why? So that you can protect all other routes from being publicly available and to force all users actions through cloud code which gives the developer more control over what is and isn't allowed.
I know CLPs can have a similar effect but I would prefer if an outside user didn't even get that close to the database. Client side Javascript is just too insecure and the files API allows people to just upload whatever they want unrestricted.
The text was updated successfully, but these errors were encountered: