0

I am working on an application built using web technologies (html, css, js) that will run as a desktop app using electron. The app will connect with database and file storage services hosted on firebase. Users of the application will not need to sign in to the application in order to authenticate, but the application will be both reading and writing data on firebase's servers.

We don't want to allow anyone not using the application (or firebase's console) to be able to write to or modify the database or upload or delete files from storage.

There will also be a website which will only be able to read the firebase-stored content. If possible I would like to limit reading of the data to that site and the application, but if that's not possible then opening up the stored data and files to be read by anyone wouldn't be an issue.

What is the best way to configure authorization for this app and website?

Thanks!

flyingace
  • 1,707
  • 17
  • 24
  • you should get some time reading firebase documentation. In your case you can go through [auth](https://firebase.google.com/docs/auth/) and [sec&rules](https://firebase.google.com/docs/database/security/quickstart). – adolfosrs Jun 21 '16 at 01:03
  • Firebase follows a user-based security model. So unless you have the users sign in as different identities for each app, this is going to be difficult. Similarly requirements have been discussed a few times in the past, see: http://stackoverflow.com/questions/18890330/how-to-make-sure-only-my-own-website-clientside-code-can-talk-to-firebase-back, http://stackoverflow.com/questions/35418143/how-to-restrict-firebase-data-modification – Frank van Puffelen Jun 21 '16 at 01:04

0 Answers0