What would be the best way to get around the limitation of having access keys displayed openly in the javascript code? In order to actually use this for early versions of production apps.
The only solution I can think of is to make the queries through a thin proxy server that adds the access keys to the requests.
Is there a solution that Parse could implement to make pure js apps reality?
I actually asked them this just last night. Here's the response I got:
So right now, you're restricted to using the master key for the REST API (and thus, javascript applications). We have plans to make this more secure in the future in the same way as we do with our SDKs.
For our SDKs, we have a few ways to secure your app, via class level permissions and object level permissions (ACL): http://www.parse.com/docs/data
You're able to lock down permissions on the client key, and this should be able to secure the majority of apps that you want to make. But, this won't work with the REST API.
What would be even cooler is if Parse made JavaScript a first class citizen (so to speak), and truly supported a JavaScript API.
Am I missing something that might prevent them from doing this? Or is it maybe that this feature is in the works? They sure as hell push out cool new features fast...
The only solution I can think of is to make the queries through a thin proxy server that adds the access keys to the requests.
Is there a solution that Parse could implement to make pure js apps reality?