Add Security Check page

[mtrezza]

New Feature / Enhancement Checklist

• I am not disclosing a vulnerability.
• I am not just asking a question.
• I have searched through existing issues.

Current Limitation

The new Security Check feature of Parse Server currently writes weak security settings in the logs or returns them as JSON via REST request to /security endpoint.

• Human-reading the report in logs or as JSON is inconvenient
• Outputting the report in logs is already discouraged an regarded a weak security setting itself because it potentially exposes points of attack in the logs

Feature / Enhancement Description

Add a Security Check page to Parse Dashboard that displays the report in a convenient UI.

The feature would send a request to the /security endpoint to receive the report in JSON format. The report schema is already described in parse-community/parse-server#7247 (comment). The page would display a table of that report, ideally with visual elements to highlight failed / successful security checks.

Example Use Case

(none)

Alternatives / Workarounds

Read reports in logs or manually via REST request.

3rd Party References

(none)

[dblythy]

I'm happy to work on this if no one is working on it!

[mtrezza]

That's great! This would significantly improve accessibility to the security state of Parse Server.

Since this requires creating a new page, if you want to get feedback or brainstorm about the new page layout, please feel free to post a wireframe draft. This way we can mitigate any layout changes later on.

[dblythy]

Ok, no worries. Will post here!

[dblythy]

Was hoping to have this for V5 Parse Server but have been a little busy

[mtrezza]

We already have the log output of Security Checks on the server side in v5, so that is already a big step forward.