Improve Security around allowClientClassCreation #7156

Open
@dblythy

New Feature / Enhancement Checklist

Current Limitation

Parse Server is designed so that it can be booted up and tested easily. However, there are some default configurations that are insecure, meaning that when a developer transitions to production, they mightn't be aware of the openings which they haven't fixed.

Feature / Enhancement Description

Just like fileUpload, migrate allowClientClassCreation to default to false, except for the core classes (such as _User).

Or:

Have 2 start scripts:

npm start:dev // allows for any insecure option, such as allowClientClassCreation or mountPlayground
npm start:prod // overrides insecure options
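
The second proposal above (a production start that overrides insecure options), sketched as an added example that is not part of the original issue or of Parse Server. `hardenForProduction` and `PRODUCTION_RULES` are hypothetical names, and treating an unset `allowClientClassCreation` as enabled is an assumption drawn from the issue's request to change the default.

```javascript
// Added example: hypothetical helper, not Parse Server's own code.
// Each rule names an option from the issue, the value a production start
// should force, and a predicate for when the configured value is unsafe.
const PRODUCTION_RULES = [
  {
    key: 'allowClientClassCreation',
    safeValue: false,
    // Assumption from the issue: an unset value behaves as enabled,
    // so only an explicit `false` counts as safe.
    isInsecure: (value) => value !== false,
  },
  {
    key: 'mountPlayground',
    safeValue: false,
    isInsecure: (value) => value === true,
  },
];

// Returns a copy of `options` with insecure settings overridden when
// `mode` is 'production', plus the list of keys that were changed so the
// caller can log them. The input object is never mutated.
function hardenForProduction(options, mode) {
  const hardened = { ...options };
  const overridden = [];
  if (mode !== 'production') {
    return { options: hardened, overridden };
  }
  for (const rule of PRODUCTION_RULES) {
    if (rule.isInsecure(options[rule.key])) {
      hardened[rule.key] = rule.safeValue;
      overridden.push(rule.key);
    }
  }
  return { options: hardened, overridden };
}

// Constructed sample config: a typical development setup.
const sampleConfig = { appId: 'exampleApp', mountPlayground: true };
const mode = process.env.NODE_ENV || 'development';
const result = hardenForProduction(sampleConfig, mode);
if (result.overridden.length > 0) {
  console.warn(`Overrode insecure options: ${result.overridden.join(', ')}`);
}
```

The returned `options` object is what would be passed to the server constructor; logging `overridden` at startup makes the difference between development and production behaviour visible to the operator.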
