0

I'm new with web developing, I'm working on Firebase web hosting i have just deployed my files. But when i open link https://(APP-NAME).firebaseapp.com/FirebaseInit.js

I can view my Firebase login data in browser, This file should not be read by anyone, How can i deny access to this file?

Any help will be appreciated

Salah
  • 933
  • 3
  • 13
  • 32
  • 1
    You can't. Everything you deploy to hosting is essentially public if you know the url. – Doug Stevenson Dec 09 '17 at 23:21
  • But also note that the configuration values of your Firebase project are necessary to be able to access further data. They are **configuration** data, not security credentials. See https://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public – Frank van Puffelen Dec 10 '17 at 00:01
  • @FrankvanPuffelen so if someone got my info he cannot create html page with login with his user then add objects to his profile in database? Can you explain more on how it works and why they cant access database if they got the login info like ApiKey etc? – Salah Dec 10 '17 at 01:01
  • Securing your database is different from securing your hosting files. The latter is about securing code, while the former is about securing data. You're using a cloud-hosted backend, so by its nature that backend must be accessible to your users. You'd use a combination of Firebase Authentication, Firebase security rules and (possibly) custom logic (such as approving users) to ensure all access is as you want to authorize it. See Kato's answers here: https://stackoverflow.com/q/18005984, here https://stackoverflow.com/q/18890330 and here https://stackoverflow.com/q/23169689 – Frank van Puffelen Dec 10 '17 at 01:53
  • Alright thank you so much @FrankvanPuffelen – Salah Dec 10 '17 at 04:00

0 Answers0