Ah, yeah, to clarify on that as well, a malicious user could impersonate anything about the request (from query params, to headers, to request body, etc.).
I wouldn't spend time on building proper auth, you'd need to get into session tokens or JWTs unless Parse has something builtin, but just fyi both headers/body would be insecure.
Ah, yeah, to clarify on that as well, a malicious user could impersonate anything about the request (from query params, to headers, to request body, etc.).
I wouldn't spend time on building proper auth, you'd need to get into session tokens or JWTs unless Parse has something builtin, but just fyi both headers/body would be insecure.
_Originally posted by @jbmanning in https://github.com/carlosvegap/capstone-kickoff/pull/58#discussion_r937460035_