0

If one integrates this config in JS, won't it be a security concern as any one can open the JS file, get access to this details and access my firebase DB?

var config = {
    apiKey: "xxxx",
    authDomain: "xxx.firebaseapp.com",
    databaseURL: "https://xxx.firebaseio.com",
    storageBucket: "xxx.appspot.com",
    messagingSenderId: "0000"
};

How does one make sure it's secure?

Prateek Agarwal
  • 407
  • 1
  • 8
  • 20
  • 2
    Any database that is accessible through the internet can be found by sone. You'd make your database secure by setting up rules on who can access it and what they can do. In the case of Firebase, these rules are described [here](https://firebase.google.com/docs/database/security/). Also see my answer here: http://stackoverflow.com/questions/35418143/how-to-restrict-firebase-data-modification/35419194#35419194 – Frank van Puffelen Sep 24 '16 at 13:15

1 Answers1

2

That's just so the client can identify your app. Even the apiKey is more like a reference and less like a secret password so don't worry. You can use this to instantiate many apps inside a single file. (see https://firebase.google.com/docs/web/setup)

// Intialize the "[DEFAULT]" App
var mainApp = firebase.intializeApp({ ... });

// Intialize a "Secondary" App
var secondaryApp = firebase.initializeApp({ ... }, "Secondary");
...
mainApp.database().ref("path/to/data").set(value);
secondaryApp.database().ref("path/to/data").set(anotherValue);

Now, the heart of Firebase security are the Firebase Realtime Database Rules. Learn them here: https://firebase.google.com/docs/database/security/

The Firebase Realtime Database Rules are expressed in a JSON-like format, so you should be creating some for yourself in no time!

Gabriel Antunes
  • 56
  • 4