Help understanding security

Question

I'm not sure I understand the security permissions. Here are a few questions:

-If I don't have ACL activated and I don't use custom key, does that mean that anyone can do anything with the system? For example, if they have the api key/secret key they can delete users and such?
-What are the differences between PUBLIC/READ, PUBLIC/WRITE and PUBLIC/ALL? If I do public write, that means that I can only write and not read correct? ALL would be both read and write?
-What is considered PUBLIC? And what is considered Private?
-I'm working in Unity and targeting ios/android. How hard would it be for someone to get the api key/secret key out of my code?
 

Answer 1

Hi Joe,

Yes, you are right. If you have not created ACL enable app and somebody have access to your app keys then he/she can change everything like update user data, save new data, delete user etc. To your other queries, please find my answer inline and let me know if it helps:

PUBLIC READ: It means the document or file which you ar going to save in App42 database, will have default access of PUBLIC Read. However, if you set the ACL object in service instance before making a request on App42 server then it will work according to that ACL object.  

PUBLIC WRITE/ALL:  Both as functional are same, users who have PUBLIC WRITE access on a particular file or document, can make both operations read and write.

Here PUBLIC is a generic term which means all app users can access the data. If you want to restrict the permission then you can set the ACL object. For more detail, please have a look at this link and let us know if it helps. 

 P.S For any potentials programmer, it's not a tough job to get the app code and credentials. There are online tools available through anyone can decompile the app file and see the app code & credentials. 

 

Regards,

Himanshu Sharma