parse.com - How to prevent the creation of data readable by all customers in a Parse table?
I have a table called goals with the default CLP (public read, write).
My mobile app has a default ACL set so that the owner of the data can read and write it.
Let's assume someone is able to obtain the client keys maliciously from the app, and add an entry in the table goals without an ACL using a command like that:
curl -X POST \
  -H "Content-Type: application/json" \
  -H "X-Parse-Application-Id: xyx" \
  -H "X-Parse-REST-API-Key: 12345" \
  -d "{\"name\":\"whatever\"}" \
  https://api.parse.com/1/classes/goals
Now every user will load this new data, and I want to prevent that.
I assume there are 2 options:
- prevent REST API users from writing data without an ACL or with a public ACL, perhaps with Cloud Code
- in the app, filter out data that doesn't belong directly to the user
My question is, are the 2 above the available options? Is the first option doable with Cloud Code?
OK, let's try again. I think the best solution in this case is to create a beforeSave trigger in Cloud Code that sets the ACL the way you want it. With the Parse JavaScript SDK, you can construct an ACL that gives access to the user passed in the constructor. (Untested code):
// Runs before every save on the class; replaces the ACL with an owner-only one.
Parse.Cloud.beforeSave("goal", function(request, response) {
  request.object.setACL(new Parse.ACL(Parse.User.current()));
  response.success();
});
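The decision such a trigger has to make for the curl request in the question, which carries no session token and no ACL, written as an added example that is not part of the original answer. The helpers `isPublic` and `decideGoalSave` are hypothetical names, and ACLs are modelled in Parse's REST JSON form, where `"*"` is the public entry.

```javascript
// Added example: decision logic for a beforeSave trigger on the goals class.
// ACL JSON keys are user objectIds, "role:<name>", or "*" for public.

// True when the ACL, or the lack of one, exposes the object to everyone.
function isPublic(acl) {
  if (!acl) return true; // no ACL at all: readable and writable by anyone
  const pub = acl["*"];
  return Boolean(pub && (pub.read || pub.write));
}

// userId: objectId of request.user, or null when the REST call carried only
// the application id and REST key (no session token), as in the curl above.
function decideGoalSave(userId, isNew, acl) {
  if (!userId) {
    return { ok: false, error: "goals must be saved by a logged-in user" };
  }
  if (isNew || isPublic(acl)) {
    // Discard whatever the client sent; grant access to the owner only.
    return { ok: true, acl: { [userId]: { read: true, write: true } } };
  }
  return { ok: true, acl: acl }; // existing non-public ACL is kept as is
}

// Wiring inside Cloud Code (shown as a comment, it needs the Parse runtime):
//   Parse.Cloud.beforeSave("goal", function (request, response) {
//     var uid = request.user ? request.user.id : null;
//     var cur = request.object.getACL();
//     var d = decideGoalSave(uid, request.object.isNew(), cur ? cur.toJSON() : null);
//     if (!d.ok) { response.error(d.error); return; }
//     request.object.setACL(new Parse.ACL(d.acl));
//     response.success();
//   });

// Constructed sample requests (not real traffic).
const samples = [
  { label: "REST key only, no ACL", userId: null, isNew: true, acl: null },
  { label: "logged in, public ACL sent", userId: "u1", isNew: true,
    acl: { "*": { read: true, write: true } } },
  { label: "owner updates own goal", userId: "u1", isNew: false,
    acl: { u1: { read: true, write: true } } },
];
for (const s of samples) {
  console.log(s.label, "->", JSON.stringify(decideGoalSave(s.userId, s.isNew, s.acl)));
}
```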