0

Ok I am in a bit of a dliemma I have my android app and well I realized that my app requires my client to view the information in a readable format and well my best bet is angular on the firebase plateform.

But well , I am stuck on security . What I mean is this due to the changes made in firebase setup I see that the setup now exposes the firebase apiKeys and secret information in the tag. And now it got me worried as to if anyone gets these keys then my db is exposed and vulnerable to attack.

I need your suggestions in coming up with a valid backend system or securing the javascript js file. I am stuck and your assistance in this will be really appreciated

Gondai Nathaniel Richard
  • 1
  • 2
  • Having your API key in the client-readable code is normal and necessary. Secrets typically should not be in client-readable code. Have a look at [this question](http://stackoverflow.com/questions/35418143/how-to-restrict-firebase-data-modification). If that doesn't address your concern, you'll have to show more on what data you're including before we can help. – Frank van Puffelen Jun 13 '16 at 15:11
  • Thank you for your response I appreciate it. – Gondai Nathaniel Richard Jun 13 '16 at 15:43
  • So it means security rules at the database end are important but I want to ask is { "read":"auth!=null","write":"auth!=null"} enough – Gondai Nathaniel Richard Jun 13 '16 at 15:44
  • Those rules allow only authenticated users to read/write your database. If that fits your needs, they are enough. Most developers end up customizing the security rules to their needs. See https://firebase.google.com/docs/database/security/ – Frank van Puffelen Jun 13 '16 at 15:47

0 Answers0