I am considering using Parse for a web/mobile app, and it appears that they use "secret urls" as the primary security measure for accessing parse files. Obviously this isn't SUPER secure, but it does seem to be a fairly common way to limit access to, say "private photos" (e.g. flickr does it). Would you consider this "commercially reasonable" attempt to protect private data?
This method seems fine for protecting data as far as I can tell.<p>I would definitely recommend using https though because only the hostname is sent in plain text, the URL should be fully encrypted in an https request.<p>On the other hand, I'm not sure how reasonable this method is from a liability perspective. If a client accidentally forwards a secure url to someone who causes them to lose money, then there might be a chance that you could be liable for not securing your product effectively.