Parse Server Master Key
Service Name: Parse Server
Service Description: Parse Server is an open-source backend that can be deployed to any infrastructure that can run Node.js. It works with the Express web application framework and can be added to existing web applications, or run as a standalone API server.
Service Address: https://parseplatform.org/
Validation Type: -
IP Allow list: IP restrictions can be configured at the server level through network security rules where Parse Server is deployed.
Secret Access Scope: The master key grants unrestricted access to the Parse Server instance, bypassing all security constraints and allowing operations on all data and configurations.
Secret Revokement URL: Does not exist (requires changing the master key in your Parse Server configuration)
Secret Example: myMasterKey123456789abcdefghijklmnopqrstuvwxyz
Suspicious Activity Investigation Instructions:
- Review server logs for unusual API requests or data access patterns
- Check for unauthorized schema modifications or class creations
- Monitor for unexpected user creation or role modifications
- Look for bulk data exports or deletions
- Examine cloud function execution logs for suspicious activities
- Verify if there are any unexpected background jobs running
Mitigation Instructions:
- Immediately change the master key in your Parse Server configuration file
- Restart the Parse Server to apply the new master key
- Review and update any application code or services that use the master key
- Audit user accounts and roles for any unauthorized changes
- Check data integrity and restore from backups if necessary
- Consider implementing additional security measures like API rate limiting
- Review your deployment architecture to ensure the master key is properly
secured
- Update any CI/CD pipelines or deployment scripts that contain the old master
key