我在 Parse.com
使用 PFLogInViewController
创建了一个 PFUsers
。我想让用户可以选择更改他们的用户名。为此,我需要能够检查用户名是否仍然是唯一的。为此,我需要能够查询用户。
因此我需要授予对用户对象的读取权限 (ACL
)。如果我这样做,存储在用户对象中的用户电子邮件地址在互联网上是开放可读的:-(。
解决此问题的最佳方法是什么?
最佳答案
来自Parse docs :
User Security
It is important to keep in mind that the Parse User object is readable by all other users by default. You will want to set the ACL on your User object accordingly if you wish to prevent data contained in the User object (for example, the user's email address) from being visible by other users.
There may be instances where you wish to provide selective read access to a Parse User object. For example, other users may wish to obtain a particular user's username, but you also want to prevent anyone from obtaining the user's email address. For situations like this, you will want to lock the object down by default and provide Cloud Code functions to access the parts of the Parse User object that you wish to expose to all users.
因此,设置 ACL 以锁定仅用户自己的访问权限,并提供云代码以访问用户需要了解其他用户的任何其他内容。
关于ios - 使用 PFLogInViewController 创建 PFUser 后,Parse.com iOS 用户电子邮件打开可读,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/24528405/