Hey all
I have an app that is a bit complex in the backend. When I built it I preferred counting on "ignore privacy rules" just to see that everything works.
Now I wonder, what could go wrong this way? Can the app be exploited more easily?
Trying to figure out if it's worth the time to set the privacy rules more accurately.
Thanks!
…if it’s sensitive data then don’t expose it.
What could potentially happen?
Depends on what the calls are that you have. Backend workflows are APIs. Whatever you're exposing would be easily accessible to delete, create, or modify data in your database.
Ex: if you don't have privacy rules set up on your user level and have a public edit-user call, someone could change a user level status from a standard user to admin and access any part of your app if you're using user levels in your app. It just depends on what you're exposing and whether you're giving access to the full database.
Not to mention you should never take your thought process on the security of your app…ignore privacy rules is pretty much strictly for testing. If you’re collecting public users data you need to respect their privacy and make sure you protect it.
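An added illustration of the escalation the reply above describes, not code from this thread or from Bubble: a minimal model of a public edit-user backend call, once with the access rule skipped ("ignore privacy rules") and once with it enforced server-side. The `User`, `Database` and `edit_user_*` names and the sample records are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    id: str
    level: str = "standard"  # "standard" or "admin"


@dataclass
class Database:
    users: dict = field(default_factory=dict)


def edit_user_ignoring_rules(db, caller_id, target_id, changes):
    """'Ignore privacy rules' behaviour: any caller may change any field of any user."""
    target = db.users[target_id]
    for key, value in changes.items():
        setattr(target, key, value)
    return True


def edit_user_with_rules(db, caller_id, target_id, changes):
    """Privacy-rule behaviour: the check runs server-side on the caller's identity.
    A user may edit only their own record, and only an admin may change 'level'."""
    caller = db.users.get(caller_id)
    if caller is None:
        return False  # unauthenticated caller: no access at all
    if caller.level != "admin" and caller_id != target_id:
        return False  # standard users may only touch their own record
    if "level" in changes and caller.level != "admin":
        return False  # a standard user cannot promote anyone, including themselves
    target = db.users[target_id]
    for key, value in changes.items():
        setattr(target, key, value)
    return True


def demo():
    """Constructed data: 'alice' is a standard user who calls the edit-user
    workflow against her own record with {'level': 'admin'}."""
    escalation = {"level": "admin"}
    db_open = Database({"alice": User("alice")})
    edit_user_ignoring_rules(db_open, "alice", "alice", escalation)
    db_ruled = Database({"alice": User("alice")})
    edit_user_with_rules(db_ruled, "alice", "alice", escalation)
    return db_open.users["alice"].level, db_ruled.users["alice"].level


if __name__ == "__main__":
    print(demo())  # ('admin', 'standard')
```

The first database ends up with a self-promoted admin; the second refuses the change because the rule is evaluated against who is calling, not against what the request body claims.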
Thanks! It's much more understood right now.
I’m going to change that.
And just to be clear, how can someone create an API call to my app? How could that be achieved?