Description
New Feature / Enhancement Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
Current Limitation
By default, Parse Server allows to use the master key with remote access. This creates a security risk because an exposed master key allows to access Parse Server with highest privileges via remote network requests against the public Parse Server API.
Parse Server already recommends in the documentation that the master key should never be used client side. Having the master key usable via remote access by default is contradictory to that advice.
Feature / Enhancement Description
To improve the default security of Parse Server, default the existing Parse Server option masterKeyIPs to 127.0.0.1, i.e. localhost.
The most common use case for master key being used remotely may be Parse Dashboard, which unfortunately still requires the master key, but that will hopefully change soon.
The feature must consider dynamic IP addresses, so it must be possible to not set any IP address restriction. That is currently the default, by not setting masterKeyIPs. If the new default is 127.0.0.1, it's unclear how to set no restriction, because masterKeyIPs: [] currently means "don't allow any IP address".
A suggested solution is to allow using CIDR notation in masterKeyIPs. If the string misses the CIDR range, it should be interpreted as using the range of /32. This also causes the least adoption effort for developers.
- don't allow any IP address:
masterKeyIPs: [] - allow any IP address:
masterKeyIPs: ['0.0.0.0/0'] - allow only a single IP address:
masterKeyIPs: ['10.0.0.1/32']ormasterKeyIPs: ['10.0.0.1'] - allow only a specific IP address range:
masterKeyIPs: ['10.0.0.1/16']
Example Use Case
n/a
Alternatives / Workarounds
n/a