parse-dashboard
Add Security Check page
New Feature / Enhancement Checklist
- [x] I am not disclosing a vulnerability.
- [x] I am not just asking a question.
- [x] I have searched through existing issues.
Current Limitation
The new Security Check feature of Parse Server currently writes weak security settings in the logs or returns them as JSON via a REST request to the /security endpoint.
- Human-reading the report in logs or as JSON is inconvenient
- Outputting the report in logs is already discouraged and regarded as a weak security setting itself because it potentially exposes points of attack in the logs
Feature / Enhancement Description
Add a Security Check page to Parse Dashboard that displays the report in a convenient UI.
The feature would send a request to the /security endpoint to receive the report in JSON format. The report schema is already described in https://github.com/parse-community/parse-server/pull/7247#issue-585913691. The page would display a table of that report, ideally with visual elements to highlight failed / successful security checks.
Example Use Case
(none)
Alternatives / Workarounds
Read reports in logs or manually via REST request.
3rd Party References
(none)
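
An added example (not code from Parse Dashboard or Parse Server) of the transformation the feature description calls for: flattening a /security report into table rows, failed checks first. The report field names and the sample report below are assumptions constructed for illustration; the actual schema is the one in the linked pull request.

```javascript
// Constructed sample response. Field names (report.groups[].checks[] with
// title/state/warning/solution) are an assumed schema, not taken from this page.
const sampleResponse = {
  report: {
    version: "1.0.0",
    state: "fail",
    groups: [
      { name: "Example group A", state: "fail", checks: [
        { title: "Example check 1", state: "success" },
        { title: "Example check 2", state: "fail",
          warning: "Constructed warning text.",
          solution: "Constructed solution text." },
      ] },
      { name: "Example group B", state: "success", checks: [
        { title: "Example check 3", state: "success" },
      ] },
    ],
  },
};

// Flatten the nested report into one row per check for a table view.
function toRows(response) {
  const report = response && response.report;
  if (!report || !Array.isArray(report.groups)) {
    throw new Error("unexpected security report shape");
  }
  const rows = [];
  for (const group of report.groups) {
    for (const check of group.checks || []) {
      rows.push({
        group: group.name,
        check: check.title,
        // Fail closed: any state other than "success" is shown as failed.
        passed: check.state === "success",
        warning: check.warning || "",
        solution: check.solution || "",
      });
    }
  }
  // Stable sort puts failures on top so an operator sees them first.
  return rows.sort((a, b) => Number(a.passed) - Number(b.passed));
}

// Counts for a header line such as "1 of 3 checks failed".
function summarize(rows) {
  const failed = rows.filter((r) => !r.passed).length;
  return { total: rows.length, failed, passed: rows.length - failed };
}

const rows = toRows(sampleResponse);
console.table(rows);
console.log(summarize(rows));
```
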
I'm happy to work on this if no one is working on it!
That's great! This would significantly improve accessibility to the security state of Parse Server.
Since this requires creating a new page, if you want to get feedback or brainstorm about the new page layout, please feel free to post a wireframe draft. This way we can mitigate any layout changes later on.
Ok, no worries. Will post here!
Was hoping to have this for V5 Parse Server but have been a little busy
We already have the log output of Security Checks on the server side in v5, so that is already a big step forward.
Haven't had the time for this unfortunately, so if anyone wants it, go for it!
🎉 This change has been released in version 5.2.0-alpha.28
🎉 This change has been released in version 5.3.0-beta.1
🎉 This change has been released in version 5.3.0-alpha.1
🎉 This change has been released in version 5.3.0