Skip to content

Filter other users' email in all queries. #3415

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
xissburg wants to merge 1 commit into from
Closed

Filter other users' email in all queries. #3415

xissburg wants to merge 1 commit into from

Conversation

@xissburg
Copy link

@xissburg xissburg commented Jan 20, 2017

The email is sensitive information, thus it should be filtered in filterSensitiveData in DatabaseController.

@flovilmart
Copy link
Contributor

flovilmart commented Jan 20, 2017

@acinader isn't it already taken care of?

@xissburg
Copy link
Author

xissburg commented Jan 20, 2017

Looks like I was using an older version without this update (email field is not returned anymore for Parse.User queries. (Provided only on the user itself if provided).

@xissburg xissburg closed this Jan 20, 2017
@MBDeveloper
Copy link
Contributor

MBDeveloper commented Jan 22, 2017

Can you remove the hardcoded adding of the mail to the sensitive data and let the developer add it in the config in case he want to, this change broke our administration clients that do need to get the user email.
Is there a way to bypass this removing of the email for specific clients? I didn't find a way to do it.

@natanrolnik
Copy link
Contributor

natanrolnik commented Jan 22, 2017

@MBDeveloper you can see the suggestions here at #3301 by @acinader.

@MBDeveloper
Copy link
Contributor

MBDeveloper commented Jan 23, 2017

Writing a cloud function as suggested in #3301 is not relevant to us since we are getting the user object from many other objects that have a pointer to the user object, this mean rewrite all our administration clients API calls.

@Amex22 Amex22 mentioned this pull request Feb 4, 2017
Closed
@zingano
Copy link

zingano commented Jul 20, 2017

Similar issue for me. I have an Admin role that on parse.com was totally able to follow links to user objects and access their email, and the same was true on old versions of parse server.

Looks like I'm stuck on old versions of parse server then.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@xissburg @flovilmart @MBDeveloper @natanrolnik @zingano @facebook-github-bot