1

I program with JavaScript, Node JS, html, css.

Building a web app I'm trying to figure out, how to use back4app.com as database. Starting with the examples, I've created a connection.

Now I'm wondering how secure this solution is? Following the back4app example "YOUR_APP_ID" and "YOUR_JS_KEY" are visible in the code of the index.html.

How can I guarantee security for all user data? I would like to save the sign-in data and progress of the users.

listener
  • 47
  • 7
  • The JS key exists for this purpose. It's unsafe to use the master key, but with the JS key, it's fine. You can also check the "Security" topic in this article, it might help you: https://blog.back4app.com/2017/11/09/parse-server-best-practices/ – Charles Jul 18 '19 at 21:34
  • Your keys will be visible no matter which API you are using (through Back4App, or any other service, or by your own). The key for security here is protecting your database using CLP and ACL before going to production. Additionally to @RamosCharles link, take also a look here: https://docs.parseplatform.org/js/guide/#security – Davi Macêdo Jul 18 '19 at 22:00
  • thank you for your reading hints RamosCharles and @Davi Macedo – listener Jul 22 '19 at 05:57

0 Answers0