How to prevent confidential data like database url of firebase and secret key from going to client side with typescript file in angular 2?

Question

I am using app.module.ts for configure firebase but after running app I can see my firebase configuration in browser from inspect element, Is there any way to prevent firebase confiuration to going on client and use databse?

import { BrowserModule } from '@angular/platform-browser';
import { NgModule } from '@angular/core';
import { AppComponent } from './app.component';
import { AngularFireModule } from 'angularfire2';

// Must export the config
export const firebaseConfig = {
  apiKey: '<your-key>',
  authDomain: '<your-project-authdomain>',
  databaseURL: '<your-database-URL>',
  storageBucket: '<your-storage-bucket>'
};

@NgModule({
  imports: [
    BrowserModule,
    AngularFireModule.initializeApp(firebaseConfig)
  ],
  declarations: [ AppComponent ],
  bootstrap: [ AppComponent ]
})
export class AppModule {}

http://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public — Manish, Dec 04 '16 at 05:36
This is exactly what I want to know, but still I have one question , It is necessary to provide firebase URL and key in typescript right? so Is it mean that any one can tack my database for his application ? — Rushi Sharma, Dec 04 '16 at 08:40
Yes. but in that case you can restrict users for read/write via suitable permissions. You can place your url's & key somewhere else (any config file) & you can pass the reference to your firebaseconfig, Once ur application is minified, it won't be easily trackable. — Manish, Dec 04 '16 at 13:15

How to prevent confidential data like database url of firebase and secret key from going to client side with typescript file in angular 2?

0 Answers0