-1

I have a question about Firebase and its client-side code. I'm new to this tool and I want to ask whether it's good practice to build an Android app by writing the code client-side. I know about Firebase rules and security to prevent undesirable access, but how safe is it to show the database URL in the app source code? What should I study to learn about writing secure code? I have a lot of questions about this.

I need a clear explanation.

Thank you!

Frank van Puffelen
Giacomo Lai
  • A few tips to keep your is add some sort of authentication and also prevent non-authenticated reads or writes. You shouldn't expose your API keys, and if you are working on an open source project you shouldn't publicly show the Google Play services JSON file – Sukrit Kumar Oct 30 '16 at 09:25
  • Whether it is safe to expose an API key depends on the type of key. The Firebase API key is safe (and even needed) on the client. See http://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public/37484053#37484053 – Frank van Puffelen Oct 30 '16 at 14:32
  • To prevent unauthorized access to your data, you first require the users to sign in (e.g. using [Firebase Authentication](https://firebase.google.com/docs/auth/)) and then [set security rules on your database that determine what users are allowed to do](https://firebase.google.com/docs/database/security/). – Frank van Puffelen Oct 30 '16 at 14:36

1 Answer

1

You have to design your data structure and security rules very carefully in order not to allow malicious users to corrupt or hack your data. If your application logic is not simple, your security rules will be much more complex, and that is the hardest part of Firebase development.

For creating complex security rules, the Firebase Bolt compiler comes to the rescue; see https://github.com/firebase/bolt

If you are developing a Firebase web application, all your backend code is exposed to the client. What if you don't want to share all your backend code? For that purpose you can use Firebase Queue and have a backend server, which will run your code on the server side and also collaborate with Firebase; see This Blog Post and its Documentation.

LW001
Vladimir Gabrielyan
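The point above about careful rule design, as an added example that is not part of the original posts or of Firebase's tooling: a Node.js check that walks a Realtime Database rules tree and reports `.read`/`.write` rules that never consult `auth`. The function name `lintRules`, both sample rule sets and the paths `users` and `publicPosts` are constructed for illustration.

```javascript
// Added example: lint for Firebase Realtime Database rules (not Firebase tooling).
// Flags .read/.write rules that grant access without consulting `auth`.
// Rules cascade: once a parent grants access, child rules cannot revoke it,
// so a finding at "/" covers the whole database.

function lintRules(node, path = "/", findings = []) {
  for (const [key, value] of Object.entries(node)) {
    if (key === ".read" || key === ".write") {
      const expr = String(value).trim();
      if (expr === "true") {
        findings.push({ path, rule: key, issue: "open to anyone who knows the database URL" });
      } else if (expr !== "false" && !/\bauth\b/.test(expr)) {
        findings.push({ path, rule: key, issue: "grants access without checking auth" });
      }
    } else if (value !== null && typeof value === "object") {
      lintRules(value, path + key + "/", findings);
    }
  }
  return findings;
}

// Constructed sample: wide-open rules.
const weakRules = { rules: { ".read": true, ".write": true } };

// Constructed sample: each signed-in user may only touch their own subtree.
const hardenedRules = {
  rules: {
    users: {
      $uid: {
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid",
        displayName: { ".validate": "newData.isString() && newData.val().length <= 50" }
      }
    },
    // Constructed sample path: readable without sign-in, so it is flagged for review.
    publicPosts: { ".read": "data.exists()", ".write": false }
  }
};

console.log(lintRules(weakRules.rules));
console.log(lintRules(hardenedRules.rules));
```

A rule that mentions `auth` can still be too broad (for example, a root-level `auth != null` lets every signed-in user read everything); this check only catches rules that never consult it.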