Description
New Feature / Enhancement Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
Current Limitation
Parse Server does not give any guidance with regard to weak security settings.
- Helps developers with existing apps to secure their deployment.
- Helps new apps transitioning from a "playground" environment to a production environment.
Originally discussed in the community forum.
Feature / Enhancement Description
Add a security report for developers to easily identify common weak security settings. While there are endless discussions possible about how "weak" a setting has to be to be considered security relevant, this feature should at least identify obvious weaknesses (e.g. a password of 5 characters). Gradually evolving, the security check can be parametrized according to individual policies, although that is not the aim of an initial version.
The feature is expected to develop in phases:
- Writing the security report to Parse Server logs
- Displaying the security report in Parse Dashboard
- Parametrization of the security check according to individual policy
The checks can be continuously extended over time. Adding a feature-specific security check shall become a mandatory consideration whenever adding new features to Parse Server, just as writing test cases or docs.
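
The first phase described above (a report written to the server log, with a policy hook for the later parametrization phase), as an added example that is not part of the original issue and is not Parse Server's own code. `masterKey`, `databaseURI` and `allowClientClassCreation` are existing Parse Server options; the check list, the function names and the 14-character default are assumptions made for illustration.

```javascript
// Added example, not Parse Server code. The check list, function names and
// the default policy value are assumptions made for illustration.
const DEFAULT_POLICY = { minSecretLength: 14 };

// Each check returns null when the setting is acceptable, else a warning.
const CHECKS = [
  {
    title: 'Master key length',
    run: (config, policy) =>
      String(config.masterKey || '').length >= policy.minSecretLength
        ? null
        : `masterKey has fewer than ${policy.minSecretLength} characters`,
  },
  {
    title: 'Database password length',
    run: (config, policy) => {
      const pw = decodeURIComponent(new URL(config.databaseURI).password);
      return pw.length >= policy.minSecretLength
        ? null
        : `database password has fewer than ${policy.minSecretLength} characters`;
    },
  },
  {
    title: 'Client class creation',
    // Treated as enabled unless explicitly set to false (assumption).
    run: config =>
      config.allowClientClassCreation === false ? null : 'clients may create classes',
  },
];

function runSecurityChecks(config, policy = {}) {
  const effective = { ...DEFAULT_POLICY, ...policy };
  return CHECKS.map(({ title, run }) => {
    try {
      const warning = run(config, effective);
      return { title, state: warning ? 'fail' : 'pass', warning };
    } catch (err) {
      // A check that cannot evaluate its setting is reported, not skipped.
      // A fixed message avoids echoing a malformed URI (and its secret).
      return { title, state: 'error', warning: 'check could not be evaluated' };
    }
  });
}

// One log line per check; secret values themselves are never written.
const formatReport = results =>
  results.map(r => `[security] ${r.state.toUpperCase()} ${r.title}` +
    (r.warning ? `: ${r.warning}` : '')).join('\n');
// Constructed sample configuration, not from a real deployment.
const sampleConfig = { masterKey: 'abcde', allowClientClassCreation: true,
  databaseURI: 'mongodb://app:12345@db.example.internal:27017/prod' };
console.log(formatReport(runSecurityChecks(sampleConfig)));
```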