Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
If MongoDB is unreliable, are services like YC S11 Parse unreliable?
12 points by seivan on Nov 6, 2011 | hide | past | favorite | 4 comments
After reading http://news.ycombinator.com/item?id=3202081 and http://schmichael.com/files/schmongodb/Scaling%20with%20MongoDB%20%28with%20notes%29.pdf

I start to wonder if using services like Parse for your backend is a bad idea?



Parse is very unsecure because you essentially give the user full read/write/delete access to all of its data as no logic is run server side but clientside. That means any scriptkiddy can change all data as it likes.

That has nothing to do with MongoDB, but with the cirtical design flaw of Parse to trust the client not to send fake data.


My initial intuition is that such an egregious oversight can't possibly be real for a YC11 company, can anyone validate this? Does Parse really provide no way to set document fields writable, readable and so on?


In Parse you can authorize/de-authorize client permission to get, find, update, create, and delete for each table


Yes that is one way to look at it - but my initial focus was not on the server sided logic, but the persistent store, in this case, MongoDB.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: