Always configure client permissions for all of your Parse classes. Make use of user-based ACLs – it’s a great Parse feature. If a client should be able to modify only one property of your class, think of encapsulating this field in the separate class. By doing it you will circumvent the possibility of illegal changes in your objects. Don’t rely on Parse – always do a proper validity check of the data it returns you. Remember that, theoretically, applicationID and clientKey can be found by any attacker, so you should build your application security grounding on this knowledge. The previous advice doesn’t cancel the necessarily of obfuscating strings in code 🙂 Use Cloud Code in more complex situations.
Parse Documentation A small series of articles about Parse security Parse Revealer iOS Application Security Part 28 – Patching iOS Application With Hopper The Hopper Disassembler by Mike Ash
