Skip to content

Remove forms that request sensitive information #898

@mtrezza

Description

@mtrezza
Member

Link to section:

https://docs.parseplatform.org/rest/guide/#your-configuration

What is the issue?

I think this is a well-intended feature, but I don't think we should provide it for security reasons.

This feature asks developers to enter their Parse Server URL, master key and client keys on a webform and submit it. Asking that of a developer goes against establishing awareness for good security practice and facilitates phishing. IMO we should never ask a developer to enter this information anywhere, but in fact create awareness about the sensitivity of that data and remind to never share it with anyone outside a project.

The only way such a feature may make sense was if the docs were made part of a Parse Dashboard backend where the user logged into the dashboard already has access to that information and it is merely displayed from the backend data.

Can you propose a solution?

I'm for removing this feature from the docs and just use common placeholders throughout the code.

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    bounty:$10Fix this issue and receive a bounty under the Parse Bounty Program.type:docs

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @mtrezza

        Issue actions

          Remove forms that request sensitive information · Issue #898 · parse-community/docs