
I do see "class" level permissions, as I mentioned in my previous post, but nothing suggesting that finer grain control exists. I do see that you can store data on the authenticated user, which is a good start.

And if better security is something that's in the works, that's great. I'm not looking to give you guys a bad name. I just saw this being talked about in the startups I work around, and felt as if some of the less experienced developers were not considering what implications using a service like this might have. It's convenient, I'll give you that -- but instead of facilitating good security through its APIs, it obscures the need for it altogether. And from what I can see, it would be difficult for you guys to encourage good practice without being heavy handed.

Let's just hope your users are smart about how they use your product, because I'd hate to see what effect a few breaches might have.



That's a good way to describe our goals with Parse security - to "encourage good practice without being heavy handed". We are always looking for ways to make Parse easier, including security, so we definitely won't stop with what we have now. If you have specific suggestions feel free to drop me an email.



