Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Does the ParseFile have an ACL

It appears that the ParseFile does not have an ACL, or put another way, once the URL of the ParseFile gets out in the wild, the file is available to anybody who can make a GET http request.

I hope I'm missing something in the documentation, because this does not sound like a great idea. As best as I can understand it, this means that the URL is "protected" only by the ACL of the ParseObject that holds the reference to the ParseFile.

Perhaps it's relevant to know that I'm reading/using the .NET+Xamarin bits.

like image 327
Ralph Shillington Avatar asked Oct 31 '22 20:10

Ralph Shillington


1 Answers

I think you've summed it up best yourself:

"protected" only by the ACL of the ParseObject that holds the reference to the ParseFile

If someone does happen to know your url for that particular file then kudos to them, because they are uniquely created, just like objectId's:

.. containing the name of the file, which is the original file name prefixed with a unique identifier in order to prevent name collisions. This means you can save files with the same name, and the files will not overwrite one another...

So in other words, the last path component will always be unique:

tfss-db295fb2-8a8b-49f3-aad3-dd911142f64f-airlines.txt

Even if you re-upload a new airlines.txt document:

tfss-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-airlines.txt

To summarize ACL:

An ACL, or Access Control List can be added to any Parse.Object to restrict access to only a subset of users of your application.

So according to Parse, it's purposes are intended for the object itself, not specific parameters of that object. As of now, they do not support say, setting a specific read/write ACL on the objects 'Title' column or 'Email' column or a specific column type, the ACL's are object or User dependent.

For those that are interested in reading more about Parses ACLs can see their resource here: http://blog.parse.com/learn/engineering/parse-security-i-are-you-the-key-master/

like image 78
soulshined Avatar answered Jan 04 '23 14:01

soulshined