I put together an angular app that is using a parse-server backend. As I understand the app connects to the server through the following line in app.js:
Parse.initialize('MY_APP_ID');
My question is what is stopping someone from viewing app.js in the source and seeing my app id? Could they not use the app id to hack my server and mess with my data? I'm sure someone has thought of this and I'm just missing something but I can't seem to wrap my head around it.
My understanding is that it isn't. You protect your data through the use of roles and ACLs. e.g. you would set yourself (and other developers) as admin which allows you to access and edit particular classes. Personal user data would only be editable by the people who created it. And you could also have moderators who could have elevated user privileges etc.