I am thinking that when I call Moralis.Cloud.run(âfunctionâ, wallet address, input), it will run the âfunctionâ on my Moralis Cloud server code. But when attacker try to bypass the authentication, steal my ServerURL and AppID, donât they also can call my function with any wallet address (pretend to be someone else) with any input?
Did I miss anything? Or is there anyway to only react to the Moralis.Cloud.run with authenticated user only?