I am developing a website in node.js and I am using Parse.com to handle the user registration and the Facebook users. To handle the Facebook login with Parse, I have to use the line of code:
Parse.initialize(APP_ID, KEY);
which can be accessed by anybody by just looking at the source code of the website. So my question is: if somebody has access to this information, can he access the data that I stored in Parse? he would just have to create some simple query, no? I already initialize on the server side so is there a way to tell the template(jade in my case) that Parse has been initialized by passing some kind of parameters? Thanks
If you set up ACLs and class permissions correctly in your app, then there should be no concern with handing out your JavaScript key. See this page for more information: https://www.parse.com/questions/javascript-sdk-security