Production rollout

Hi,

I’m preparing my app to go live and making the final security adjustments on Moralis classes.
I’ve come across a doubt regarding several classes. The classes are below:
EthBalance, EthNFTOwners, EthNFTTransfers, EthTokenBalance, EthTokenTransfers, EthTransactions, EventSync, RateLimits, Role, Session and _EthAddress

The doubt is regarding the security model for these classes - what should be done?
Can these classes be written/tampered on the frontend with only access to the apiKey?
Can someone make requests to alter the data on these classes?

I also have some other classes that are created via the sync method (based on smart contract events and before/after save functions). Can these classes also be tampered with?

Regards

Hi @armindopereira

I suggest you take a look at https://docs.moralis.io/moralis-server/database/security first. Feel free to ask any questions after you check the docs and video.


Hi,

I’ve checked the docs and that is why I’ve posted the question.

Regards

Can you choose a particular case and ask what your concerns are in particular for a specific table?

Hi,

For the classes
EthBalance, EthNFTOwners, EthNFTTransfers, EthTokenBalance, EthTokenTransfers, EthTransactions, EventSync, RateLimits, Role, Session and _EthAddress

Can these classes be written/tampered on the frontend with only access to the apiKey? (since it's visible on the frontend)
Can someone make requests to alter the data on these classes?

Regards

Based on the CLP that you have on those classes, what can be done now?

Hi,

This is for EventSync / Session (which I didn't create - it seems to be something Moralis does automatically)

Regards

You can disable write for public there.

You can watch this tutorial: https://www.youtube.com/watch?v=Yd4gFQ5ppmQ&ab_channel=MoralisWeb3
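
The "disable write for public" advice in this thread, as an added example (not code from the thread or from Moralis): an audit that lists which classes still allow public writes and produces a locked-down CLP. It assumes CLPs are available in the Parse Server JSON shape; the permission values and the `Orders` class are constructed sample data.

```javascript
// Added example: audit class-level permissions (CLPs) for public write access.
// Assumption: CLPs follow the Parse Server JSON shape, where each operation
// maps a principal ("*" = public, "role:Name", or a user id) to true.
const WRITE_OPS = ["create", "update", "delete", "addField"];

// Constructed sample data; the permission values and "Orders" are made up.
const sampleSchemas = [
  { className: "EventSync", classLevelPermissions: {
      find: { "*": true }, get: { "*": true },
      create: { "*": true }, update: { "*": true }, delete: {}, addField: {} } },
  { className: "EthTransactions", classLevelPermissions: {
      find: { "*": true }, get: { "*": true },
      create: {}, update: {}, delete: {}, addField: {} } },
  { className: "Orders" }, // no CLP recorded for this class
];

// Write operations the public ("*") may perform on one class.
// Audit policy: a missing CLP or missing operation key counts as open,
// because nothing in the data shows the operation was restricted.
function publicWriteOps(schema) {
  const clp = schema.classLevelPermissions;
  return WRITE_OPS.filter((op) => {
    const perms = clp && clp[op];
    if (!perms) return true;
    return perms["*"] === true;
  });
}

// Copy of a CLP with "*" removed from every write operation.
// Read operations and any role or user grants are left untouched.
function disablePublicWrite(clp = {}) {
  const out = JSON.parse(JSON.stringify(clp));
  for (const op of WRITE_OPS) {
    out[op] = out[op] || {};
    delete out[op]["*"];
  }
  return out;
}

// Classes that still allow at least one public write operation.
function audit(schemas) {
  return schemas
    .map((s) => ({ className: s.className, open: publicWriteOps(s) }))
    .filter((r) => r.open.length > 0);
}

console.log(audit(sampleSchemas));
```
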