arik

Reputation: 29270

Make Parse Data Modification Only Accessible from the Cloud

I am trying to create an app on Parse. That app uses data, but in order to make the data storage more secure, you would not like the clients to be able to run it. Instead, only the server should be able to modify data.

So far, I haven't seen any options as to how to achieve that, except by using user/role-based authentication, and that is something I'd rather avoid because it is the environment, not the user or role I would like to make the data access depend on.

Are there any ways to do that?

Upvotes: 0

Views: 66

Answers (2)

Fosco

Reputation: 38526

You could use a beforeSave handler in Cloud Code...

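Parse.Cloud.beforeSave('myClassName', function(req, res) {
  // req.master is true only when the request was made with the Master Key
  if (req.master) {
    res.success();
  } else {
    // Reject saves coming from ordinary clients
    res.error('Cannot change this data.');
  }
});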

Then only requests made using the Master Key can alter this data.

In other places in Cloud Code, you can pass this option for individual requests like this:

obj.save(null, { useMasterKey: true });

Or turn it on for actions that follow:

Parse.Cloud.useMasterKey();

Upvotes: 1
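The following is an added example, not part of the answer above: it applies the same master-key gate to several classes and also registers it on `Parse.Cloud.beforeDelete`, since a `beforeSave` hook does not run when an object is destroyed. `makeFakeCloud`, `lockClasses`, `masterOnly` and the class names are hypothetical; the fake stands in for `Parse.Cloud` so the gate can be exercised offline.

```javascript
// Added example. Uses the same legacy (req, res) hook style as the answer.
// makeFakeCloud() is a constructed stand-in for Parse.Cloud; in real Cloud
// Code, pass Parse.Cloud to lockClasses() instead.
function makeFakeCloud() {
  const hooks = {};
  const register = (kind) => (className, fn) => { hooks[kind + ':' + className] = fn; };
  return {
    beforeSave: register('beforeSave'),
    beforeDelete: register('beforeDelete'),
    // Hypothetical helper: invoke a registered hook the way the server would
    // and report what it answered.
    trigger(kind, className, req) {
      const fn = hooks[kind + ':' + className];
      if (!fn) return { allowed: true, message: null }; // no hook: request passes
      let outcome = null;
      fn(req, {
        success: () => { outcome = { allowed: true, message: null }; },
        error: (message) => { outcome = { allowed: false, message }; },
      });
      return outcome;
    },
  };
}

// Reject every write that was not made with the Master Key.
function masterOnly(req, res) {
  if (req.master === true) {
    res.success();
  } else {
    res.error('Cannot change this data.');
  }
}

// Guard saves and deletes for each listed class.
function lockClasses(cloud, classNames) {
  classNames.forEach((className) => {
    cloud.beforeSave(className, masterOnly);
    cloud.beforeDelete(className, masterOnly);
  });
}

// Constructed class names and requests.
const cloud = makeFakeCloud();
lockClasses(cloud, ['Score', 'Inventory']);
const clientSave = cloud.trigger('beforeSave', 'Score', { master: false });
const clientDelete = cloud.trigger('beforeDelete', 'Inventory', {});
const serverSave = cloud.trigger('beforeSave', 'Score', { master: true });
console.log(clientSave, clientDelete, serverSave);
```

A class that is not passed to `lockClasses` stays writable by clients, so the list has to cover every class that holds server-only data.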

Timothy Walters

Reputation: 16874

Turn off write access for everyone on each class, then in your Cloud Code use the master key which lets you bypass permissions.

Upvotes: 1
