You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Security section of the iOS guide, under the Client vs. Server heading, discusses how anyone can obtain your client key and gain access to do anything clients can do. With Parse Server, client keys are no longer necessary. The docs should be updated to reflect that and explain any security concerns for the Parse Server setup.
I'm struggling to find information out there, does the lack of client keys mean it is now inherently more secure than the hosted solution? What exactly does the removal of client keys entail? It'd be great if this section were updated.
The text was updated successfully, but these errors were encountered:
Client keys were never a security mechanism, but a way to split per SDK the access to parse.com. While this is debatable, a system without a client key is as secure as one with. HOWEVER, the masterKey IS a security mechanism, and that key should be treated with as much care as any private key, or password.
The Security section of the iOS guide, under the Client vs. Server heading, discusses how anyone can obtain your client key and gain access to do anything clients can do. With Parse Server, client keys are no longer necessary. The docs should be updated to reflect that and explain any security concerns for the Parse Server setup.
I'm struggling to find information out there, does the lack of client keys mean it is now inherently more secure than the hosted solution? What exactly does the removal of client keys entail? It'd be great if this section were updated.
The text was updated successfully, but these errors were encountered: