Reputation: 11
How can I avoid parse.com replying with sensitive data on save? (i.e. a silent save)
When creating a save request to parse.com it replies with the full object that was created which is usually what one would want. However, this object is 'write only' in the CPL and should not be read by the user. Is there some way I can suppress the response, i.e. some sort of silent save? (I am thinking that wrapping it in a cloud code function could be a possibility but that seems... overly complicated)
Upvotes: 1
Views: 35
Answers (1)
Reputation: 119031
I would say that using cloud code is the correct approach, and that you also shouldn't use a parse object in your client, just package up the data into a cloud function request and then the client code doesn't know the class name of the destination object. While ACLs are a good start for security they don't cover all cases. If you make a class name public then anyone with the API keys (which are also public) can add new instances of that class to your data store. Your only option to prevent this is to use cloud code, either to hide the class name or to perform a pre-save validation.
Upvotes: 1
Related Questions
- Save "object without data" pointer in Parse Cloud Code
- Parseplatform: Prevent save without giving the client information over the outcome
- How to prevent current user get notified?
- Sending form data to Parse.com
- Issue with saving to Parse through Javascript
- Save input into Parse (Javascript)
- Parse.com discern update or insert in BeforeSave
- Parse.com Cloud Code - After Save
- Make Parse Data Modification Only Accessible from the Cloud
- Parse.com Cloud Code : Can't save data browser object