Reputation: 6781
The threat of your app being decompiled and modified to bombard parse
Are there any preventive measures that stop a scenario where a person decompiles my app and modifies my PFObject so that it generates new and random data properties/classes in my Parse database?
Right now, my app would registerSubclass based on what I've defined in my code. What's stopping the people who decompiles my app, adds a new class, and registers it to the database?
Upvotes: 1
Views: 44
Answers (1)
Reputation: 9912
As @rickerbh correctly pointed out in his comment, turn off client-side class creation, make sure that you have proper ACLs set for your objects and make use of the class-level permissions (CLP) on your collections to control who can perform what sort of operations on them.
Parse has some security related blog posts you should definitely read as well, all these measures should give you a good level of security if used correctly.
http://blog.parse.com/learn/engineering/parse-security-i-are-you-the-key-master/ http://blog.parse.com/learn/engineering/parse-security-ii-class-hysteria/ http://blog.parse.com/learn/engineering/parse-security-iii-are-you-on-the-list/ http://blog.parse.com/learn/engineering/parse-security-iv-ahead-in-the-cloud/ http://blog.parse.com/learn/engineering/parse-security-v-how-to-make-friends/ http://blog.parse.com/learn/engineering/parse-security-vi-quiz-time/
Upvotes: 1
Related Questions
- Decompilation possibilities in iOS and how to prevent them
- How to prevent other developers destroy our Parse server data
- Attack other people parse server?
- Using Parse.com for iOS SDK after retired, crash?
- how to secure parse initialize with app and secret?
- Warning inside code when updating Parse object
- Is using parse.com framework safe?
- Open-sourcing code with Parse.com client key and application id safe?
- Parse.com API security concerns
- Using Parse Cloud Code to enforce data integrity