It appears that the ParseFile does not have an ACL, or put another way, once the URL of the ParseFile gets out in the wild, the file is available to anybody who can make a GET HTTP request.
I hope I'm missing something in the documentation, because this does not sound like a great idea. As best as I can understand it, this means that the URL is "protected" only by the ACL of the ParseObject that holds the reference to the ParseFile.
Perhaps it's relevant to know that I'm reading/using the .NET+Xamarin bits.
I think you've summed it up best yourself:
"protected" only by the ACL of the ParseObject that holds the reference to the ParseFile
If someone does happen to know your URL for that particular file then kudos to them, because they are uniquely created, just like objectIds:
.. containing the name of the file, which is the original file name prefixed with a unique identifier in order to prevent name collisions. This means you can save files with the same name, and the files will not overwrite one another...
So in other words, the last path component will always be unique:
tfss-db295fb2-8a8b-49f3-aad3-dd911142f64f-airlines.txt
Even if you re-upload a new airlines.txt document:
tfss-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-airlines.txt
To summarize ACL:
An ACL, or Access Control List can be added to any Parse.Object to restrict access to only a subset of users of your application.
So according to Parse, its purposes are intended for the object itself, not specific parameters of that object. As of now, they do not support, say, setting a specific read/write ACL on the object's 'Title' column or 'Email' column or a specific column type; the ACLs are object or User dependent.
Those who are interested in reading more about Parse's ACLs can see their resource here: http://blog.parse.com/learn/engineering/parse-security-i-are-you-the-key-master/
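The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Parse's code: a toy in-memory backend in which the ACL is checked when the object is read, while the file URL works for anyone who holds it, even after that user is removed from the ACL. `ToyBackend`, `parse_file_name`, `demo` and the `files.example.invalid` host are hypothetical names, and the use of a random UUID prefix is an assumption based on the sample file name above.

```python
import re
import uuid

# Last path component as shown in the thread: tfss-<uuid>-<original file name>
NAME_RE = re.compile(r"^tfss-([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})-(.+)$")

def parse_file_name(name):
    """Split a stored name into (uuid.UUID, original_name); None if it does not match."""
    m = NAME_RE.match(name)
    if not m:
        return None
    return uuid.UUID(m.group(1)), m.group(2)

class ToyBackend:
    """Constructed model (not Parse itself): ACLs exist on objects, not on files."""
    BASE = "https://files.example.invalid/"  # placeholder host

    def __init__(self):
        self.objects = {}  # object_id -> {"acl": set of users, "file_url": str}
        self.files = {}    # url -> bytes

    def save(self, object_id, readers, original_name, data):
        # Assumption: the unique prefix is a random (version 4) UUID.
        url = f"{self.BASE}tfss-{uuid.uuid4()}-{original_name}"
        self.files[url] = data
        self.objects[object_id] = {"acl": set(readers), "file_url": url}
        return url

    def get_object(self, user, object_id):
        """Object read: checked against the object's ACL."""
        obj = self.objects[object_id]
        if user not in obj["acl"]:
            raise PermissionError(f"{user} may not read {object_id}")
        return obj

    def fetch_file(self, url):
        """File read: a plain GET by URL, with no user and no ACL involved."""
        return self.files[url]

def demo():
    backend = ToyBackend()
    backend.save("obj1", {"alice", "bob"}, "airlines.txt", b"constructed sample data")
    url = backend.get_object("bob", "obj1")["file_url"]  # bob reads while allowed
    backend.objects["obj1"]["acl"].discard("bob")        # bob's access is revoked
    try:
        backend.get_object("bob", "obj1")
        object_denied = False
    except PermissionError:
        object_denied = True
    # The URL bob kept still returns the file, because the file has no ACL.
    return object_denied, backend.fetch_file(url)
```

In this model, revoking access on the object does nothing for a URL that has already been handed out; the only way to cut it off is to store the file again under a new name and delete the old one.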