Manuel

Reputation: 15042

How to restrict parse config parameter visible to clients?

Is there any way to remove certain ParseConfig parameters that a client (Android, iOS) receives with ParseConfig.getInBackground(...)?

The idea is that certain config parameters are used server-side in cloud code and should not be visible to clients, while other parameters are used to configure the client.

Upvotes: 0

Views: 125

Answers (2)

Manuel

Reputation: 15042

This has since been solved by allowing individual Parse Config parameters to be restricted so that they are accessible only with the master key.


See https://github.com/parse-community/parse-server/issues/5930.

Upvotes: 0
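
The master-key-only restriction from the answer above, as an added example that is not part of the original answer or of Parse Server's own code. It assumes the Parse JS SDK calls `Parse.Config.save(attrs, masterKeyOnlyFlags)` and `Parse.Config.get()`; the `spec` object, its parameter names and the helper functions are constructed for illustration.

```javascript
// Constructed spec: each parameter declares its value and whether only
// master-key callers (cloud code) may read it.
const spec = {
  welcomeMessage: { value: 'Hello', masterKeyOnly: false },
  minClientVersion: { value: '2.1.0', masterKeyOnly: false },
  paymentWebhookSecret: { value: 'PLACEHOLDER', masterKeyOnly: true },
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Split the spec into the two arguments Parse.Config.save(attrs, masterKeyOnlyFlags) takes.
// Every key gets an explicit flag so no parameter is public by omission.
function toSaveArgs(spec) {
  const attrs = {};
  const flags = {};
  for (const [name, { value, masterKeyOnly }] of Object.entries(spec)) {
    attrs[name] = value;
    flags[name] = masterKeyOnly === true;
  }
  return { attrs, flags };
}

// Compare what a client-level fetch returned against the spec.
// leaked: master-key-only names a client can read; undeclared: names absent from the spec.
function auditClientView(clientAttrs, spec) {
  const names = Object.keys(clientAttrs);
  return {
    leaked: names.filter((n) => has(spec, n) && spec[n].masterKeyOnly).sort(),
    undeclared: names.filter((n) => !has(spec, n)).sort(),
  };
}

// Apply the spec, then re-read the config without the master key and audit it.
// `Parse` is an initialised SDK (e.g. require('parse/node')) in a trusted
// environment that holds the master key.
async function applyAndVerify(Parse, spec) {
  const { attrs, flags } = toSaveArgs(spec);
  await Parse.Config.save(attrs, flags);
  const clientConfig = await Parse.Config.get(); // no master key: the client's view
  const report = auditClientView(clientConfig.attributes, spec);
  if (report.leaked.length > 0) {
    throw new Error('master-key-only parameters visible to clients: ' + report.leaked.join(', '));
  }
  return report;
}
```

In cloud code, the restricted parameters are read with `Parse.Config.get({ useMasterKey: true })`.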

Moumouls

Reputation: 21

  • To have up-to-date settings in your cloud code, you will need to call Parse.Config.get() every time, but the main behavior of Parse.Config.get() is to retrieve all configuration objects; it's not really an optimized solution.
  • Parse.Config is designed to be an easy, fast and lightweight solution for obtaining a configuration for clients (public data). If you need to store a sensitive configuration, it is not a good idea to store public and sensitive data in the same place.

A suggestion for your use case

// Not optimized: The full config is pulled from DB
const config = await Parse.Config.get()

// Not tested: Optimized and secure (name field should be indexed); InternalConfig needs to be protected by CLP
const getInternalConfig = async (...args) => {
    // The semicolon is required: without it the next line is parsed as a call on {}
    const config = {};
    (await (new Parse.Query('InternalConfig'))
        .containedIn('name', args)
        .find({useMasterKey: true}))
        .forEach(result => { config[result.get("name")] = result.get("value") })
    return config
}

const optimizedConfig = await getInternalConfig("parameter1", "parameter4" )

Upvotes: 2
