It is obvious that the guy wants to promote and have a stage for himself instead of helping to improve the platform. It is also clear that Parse provides all the features for the developers to protect their applications. But the solutions he proposes make a lot of sense to me, and I have actually thought about them for a while:
- Implement default ACL/CLP for all classes, especially the User/Role/Installation and other default classes;
- Implement upload control in the dashboard + security upload by default;
- A new session in the dashboard containing security warnings.
I'm in to work on these items if we all agree. Thoughts? I'd love to hear from @Tom @dplewis @Manuel @Moumouls @cbaker6 (just to mention a few) and anyone else that wants to contribute.