Allow write to a path for Nickname user


#1

Hi, I am making a conference app where user’s client app read the schedule (from realm cloud).
The plan is to allow a user to submit anonymous feedback for each talk by asking them to set a Nickname.

My questions are

  1. Why is Nickname not recommended for production? (In Settings: The Nickname provider is not secure and should never be enabled in production deployments. It’s meant to only be used during development.)
  2. Is it possible to allow the user to write only to Feedback object using Nickname, to the same realm?

Thanks for your help!


#2

If it’s anonymous then why do you need a Nickname? Why not just set up an anonymous user?

Also, what’s the correlation between asking a user to set a Nickname and leaving feedback?


#3

Nickname is for fun, like when you’re playing Kahoot game.
If time permits, would like to add something like a chat room for conference attendees and this nickname would be useful. But yeah, I get your point …


#4

Any response for this …


#5

By using Nickname Authentication, it authenticates users on your entire database. They may be able to access ‘stuff’ you don’t want them to access. There’s no way to lock it down so while in development that’s ok, when you open it to general use that could be a significant security issue.

Not sure allowing anyone to leave unlimited anonymous comments is a good idea - that could easily be abused and spammed to the point of overloading the database or blocking other users. What if a user posts a comment and then later changes their mind and wants to delete it? There would be no way to get back to their post. Also, users could ‘spoof’ either other as user with nickname Leroy could spoof another user named Leroy.

Perhaps using standard authentication, so at least you know it’s a human, but then make comments anonymous?