Remove forms that request sensitive information #898
Labels
Comments
mtrezza
added
type:docs
bounty:$10
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Link to section:
https://docs.parseplatform.org/rest/guide/#your-configuration
What is the issue?
I think this is a well-intended feature, but I don't think we should provide it for security reasons.
This feature asks developers to enter their Parse Server URL, master key and client keys on a webform and submit it. Asking that of a developer goes against establishing awareness for good security practice and facilitates phishing. IMO we should never ask a developer to enter this information anywhere, but in fact create awareness about the sensitivity of that data and remind to never share it with anyone outside a project.
The only way such a feature may make sense was if the docs were made part of a Parse Dashboard backend where the user logged into the dashboard already has access to that information and it is merely displayed from the backend data.
Can you propose a solution?
I'm for removing this feature from the docs and just use common placeholders throughout the code.
The text was updated successfully, but these errors were encountered: