parse-community · mtrezza · Sep 3, 2021 · Sep 6, 2019 · Nov 15, 2019 · Jan 9, 2020
diff --git a/_includes/parse-server/best-practice.md b/_includes/parse-server/best-practice.md
@@ -0,0 +1,23 @@
+# Best Practice
+
+*This page is a work in progress and incomplete. If you have any suggestions, please open a pull request.*
+
+## Security
+
+### Firewall
+
+Protect all Parse Server endpoints using a Firewall to mitigate the risk of malicious attempts to scape user data, flood the database and DDoS attacks.
+- Use rate-limiting rules for public endpoints, for example limit the number of requests per IP address or per user.
+- Use very restrictive rules for private endpoints; for example limit access to Parse Dashboard to your personal network.
+
+## Optimization
+
+The following is a list of design considerations to optimize data traffic and performance.
+
+### Database
+
+- Use short field names; field names need to be stored in the database just like the field values; short field names not only require less database storage but also reduce the data traffic between database, server and client.
+
+### Queries
+
+- Use `select` and `exclude` to transfer only the fields that you need instead of the whole object.
diff --git a/assets/js/bundle.js b/assets/js/bundle.js
diff --git a/parse-server.md b/parse-server.md
@@ -22,4 +22,5 @@ sections:
 - "parse-server/third-party-auth.md"
 - "parse-server/MongoReadPreference.md"
 - "parse-server/development.md"
+- "parse-server/best-practice.md"
 ---