Hi Guys, I was having a problem loading a new user address (relation 1:1 with Users) and when I checked the Backendless Dashboard I notice that for some reason the API is not returning any Users data.
AppID: 9CA9AA41-6892-4A1E-FFB5-95DEAF5A4A00
the reason is this:
Use the User Login link in REST Console and login as an app user which has permissions to retrieve data from that table:
Regards,
Mark
If you are asking whether enabling the FIND permission for not authenticated users presents a security risk, I think it certainly does. Would you want anyone who doesn’t have an account to be able to retrieve data from your database?
No @mark-piller, only authenticate users. Non-authenticated users should not be able to retrieve data.
In the app you must authenticate with social login to enter, no way to use the app without authentication. The problem is some back-end features seems to not work without giving permission to this NotAuthenticatedUser.
REST Console makes regular API requests, these would be the same requests that your app makes. As a result, if you restrict access to the NotAuthenticatedUser role and make a request from REST Console without prior authentication, the request will return no data. This means that Backendless actually works, because it only demonstrates Backendless Security in action.