Tarek
Reputation: 2392
Prevent Parse client from retrieving full user list
For security reasons, I'd like to prevent my Parse client app (iOS) from being able to fetch the list of Parse users. Currently, anyone with the application id and client key (which are trivial to hack out of the app) can fetch the entire user list by running this request:
https://api.parse.com/1/classes/_User
Upvotes: 0
Views: 49
Answers (1)
Mo Nazemi
Reputation: 2717
To avoid User table being searched publicly, disable Find permission in your class security settings (CLPs). Make sure to checkout Advanced security tab to see all permissions instead of only Read/Write
Upvotes: 1
Related Questions
- Parse REST API Key breaks Client Key Authentication
- When using Parse on Buddy, where can I find Client Key?
- Using Parse Client Key in Angular gives CORS error
- Change Parse Client Key
- Get specific records from parse database using Http Request?
- backbone save to server parse.com
- Unable to retrieve required object from parse.com User class using javascript
- Is it a good practice to use useMasterKey() in cloud code?
- Update user object in parse.com