Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update content of Security section in the iOS Guide #382

Closed
jordanhbuiltbyhq opened this issue Oct 19, 2016 · 1 comment
Closed

Update content of Security section in the iOS Guide #382

jordanhbuiltbyhq opened this issue Oct 19, 2016 · 1 comment

Comments

@jordanhbuiltbyhq
Copy link

The Security section of the iOS guide, under the Client vs. Server heading, discusses how anyone can obtain your client key and gain access to do anything clients can do. With Parse Server, client keys are no longer necessary. The docs should be updated to reflect that and explain any security concerns for the Parse Server setup.

I'm struggling to find information out there, does the lack of client keys mean it is now inherently more secure than the hosted solution? What exactly does the removal of client keys entail? It'd be great if this section were updated.

@flovilmart
Copy link
Contributor

Client keys were never a security mechanism, but a way to split per SDK the access to parse.com. While this is debatable, a system without a client key is as secure as one with. HOWEVER, the masterKey IS a security mechanism, and that key should be treated with as much care as any private key, or password.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants