I just noticed the app I used with parse did exactly what you said (gave the cli... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		wapz on Feb 1, 2017 \| parent \| context \| favorite \| on: Parse is shutting down today I just noticed the app I used with parse did exactly what you said (gave the client full access to database writes). My app only held "public" data and no passwords, emails, or sensitive data, but I was wondering how you manage to secure the DB writes. Wouldn't you need another server to send the write requests that would validate them before sending them to parse? Or is there another way?

BinaryIdiot on Feb 1, 2017 [–]

To secure code with parse I believe the most common way is to basically move everything behind cloud code.

So instead of making HTTP calls to directly modify the DB you make HTTP calls to cloud code functions you wrote which then verify who you are and only modify what you should be able to modify.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact