How to list users information from firebase on android?

Question

I am working on an Android project. There is a users node in my firebase and I want to list some information but I don't want to be read uid. I took measures but I didn't read the information which such as,name-surname or status. How can I do it? My Database Rules;

"rules": {
    "users": {
           "$uid": {
               ".read": "$uid === auth.uid",
                  ".write": "$uid!=null && $uid === auth.uid",
            "name-surname": {
              ".read": true,
                ".validate": "newData.isString() && newData.val().length < 30"
            },
            "status": {
              ".read": true,
                ".validate": "newData.isString()&& newData.val().length < 75"
            },
          "website": {
            ".read": true,
                ".validate": "newData.isString()&& newData.val().length < 80"
            },
          "linkedin": {
            ".read": true,
                ".validate": "newData.isString()&& newData.val().length < 80"
            },
          "github": {
            ".read": true,
                ".validate": "newData.isString()&& newData.val().length < 80"
            }
           }
    }
}

The part of my code;

 DatabaseReference mDatabase = FirebaseDatabase.getInstance().getReference();
   final MembersInfo member = new MembersInfo();
    mDatabase.child("users").addValueEventListener(new ValueEventListener() {
        @Override
        public void onDataChange(DataSnapshot dataSnapshot) {
            // Is better to use a List, because you don't know the size
            // of the iterator returned by dataSnapshot.getChildren() to
            // initialize the array

                    String nameSurname = dataSnapshot.child("uid").child("name-surname").getValue(String.class);
            Toast.makeText(MainActivity.this, nameSurname, Toast.LENGTH_SHORT).show();
                    member.NameSurname=nameSurname;

        }

        @Override
        public void onCancelled(DatabaseError databaseError) {
            Toast.makeText(MainActivity.this, databaseError.toString(), Toast.LENGTH_SHORT).show();
        }
    });

I mean anybody can not access any uid. I think the status will be dangerous. — oguzkaganeren, Aug 10 '17 at 14:19

score 1 · Accepted Answer · answered Aug 10 '17 at 14:48

Knowing a user's UID is not a security risk. See my explanation here: Firebase - Is auth.uid a shared secret?

That said, there are plenty of good reasons to only expose a subset of user profiles in your app. To do this, you'll have to separate the subset into a separate top-level list. For example, to allow a list of just the user names without sharing the other info:

usernames
  "209103": "Frank van Puffelen"
  "7174606": "oguzkaganeren"

To be able to read this list, you will need to grant access on /usernames. So this will still share the UIDs.

For more examples, see:

Thank you for this beautiful answer. – oguzkaganeren Aug 10 '17 at 14:58 — oguzkaganeren, Aug 10 '17 at 14:58

How to list users information from firebase on android?

1 Answers1