Presumably it is exactly the same as in any other web application--the save meth... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		fooandbarify on May 30, 2012 \| parent \| context \| favorite \| on: Parse launches JavaScript SDK: Parse for Websites Presumably it is exactly the same as in any other web application--the save method is using an HTTP request under the covers, which must be rejected if the user is not authorized to perform that action.

jimmar on May 30, 2012 [–]

I don't think it's just a matter of authorization. I think you would have to use something like anti-forgery tokens to prevent automated scripting of http requests.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact