I created a class in parse.com and added a column of type: File
Uploaded a file 'myfile' to it.
Changed the security of the class so that GET is not allowed at all.
Client Permissions: GET (disabled)
But i can directly access the file like this from URL:
http://files.parsetfss.com/xxxxxxx-xxx-xxx-xx-xxxxx-xxxx-xx-xxx-xx-xxxx-myfile
So is the access to file object not secure? Or did i miss any configuration?
What you secured is getting anything under GET classes/YourClassname, the URL itself is not secured in the sense of ACL. However as long as no one else except your app knows about the direct URL for the file they are somehow safe from unauthorized access.
Also there is no direct access to get a list of all files stored for your app. That means that you, as a client, can only see the URL of the ParseFile if you have access to the object it is associated with.