Can someone help me understand how secure CloudCode is? Like who can access it? Is it publicly available / open like an API?
And if someone somehow knows the cloudcode functions, can they just start calling it and wreck havok if they have like the clientkey and applicationId?
Basically I’m trying to figure out what functions I can move to CloudCode and what should be kept off. Like I’m assuming deleteUser(with: userId) with a masterkey should be kept off CloudCode as someone can easily just send a call to that cloudcode function and delete a user but deleteUser with the proper ACL / CLP might be doable ?
What kind of security issues should I watch out for when creating / running cloudcode functions?
thanks in advance.