@TomWFox would you see any benefit in adding a bit of text / examples around the LQ Triggers (beforeConnect / beforeSubscribe) in the LiveQuery security section?

I think that would be beneficial, I wonder whether the security section could be pulled up a level so its more prominent but happy to follow your judgement on that.

It would be easier to maintain if it linked to the cloud code guide - perhaps with added security related examples there.

Also, the Parse Server Guide has very little on enforcing security / validation in cloud code compared to the platform guides. Do you think it would be worth reiterating here as this is where I think most users would get started with Parse?

Probably. There is a lot of overhauling needed in the Parse Server Guide generally. Again I think a bit of text with a link to the cloud code guide would be the best way to go in terms of maintainability but feel free to disagree...

Just thinking off the top of my head but I wonder whether the real improvement here would be to add the common security doc (included in all the client guides) to the server guide. What do you think?

Thank you for your thoughts mate. I appreciate the time all the core team go to in relation to maintaining this great platform.

I think both are good suggestions. Personally, as a dev who learnt backend through Parse Server, I tend to think that there’s not enough reiteration around how important cloud validation of ACLs, queries, etc. When I started back in the parse.com days, I got the naive impression that parse was a backend that I didn’t have to worry about anything else. I think we could also have a security checklist (or maybe dashboard as related to this conversation on the forum).

Oops wrong button

I will work through the security of the cloud docs @TomWFox and do my best to make the points as understood as possible, especially with all the new triggers (hopefully with my new PR for the validation handler too 😝). I’m also keen to work through any issue requests in this repo and close them out with PRs. If there’s anything else I could help make this amazing platform better, please let me know.

When I started back in the parse.com days, I got the naive impression that parse was a backend that I didn’t have to worry about anything else.

I can relate to this! There is definitely more we can do to to document security features & techniques.

You've been doing a fantastic job, the only thing I can say is keep the PRs rolling 😅

Careful what you wish for @TomWFox 😂. I've got a few weeks spare thanks to COVID so I'll try to keep working on improvements for Parse Server that I've always wanted to make, but never understood how.