0

I have an app using Firebase as backend. Can someone reverse engineer my app to get hold of the code and modify it to access and tamper with my database? If so, how can I secure my data against such attacks?

Also, are there any other ways that my database can be compromised?

What are the best practices to protect my data?

ReyAnthonyRenacia
  • In addition to Peter's answer, have a look at these: https://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public, https://stackoverflow.com/questions/35418143/how-to-restrict-firebase-data-modification, https://stackoverflow.com/questions/18005984/how-to-prevent-other-access-to-my-firebase?noredirect=1&lq=1 – Frank van Puffelen Mar 12 '18 at 14:24

1 Answer

2

To secure your data, you need to use Firebase Database rules:

Firebase Database Rules are declarative configuration for your database. This means that the rules are defined separately from the product logic. This has a number of advantages: clients aren't responsible for enforcing security, buggy implementations will not compromise your data, and perhaps most importantly, there is no need for an intermediate referee, such as a server, to protect data from the world.

Example:

{
  "rules": {
    "users": {
      "$user_id": {
        // grants write access to the owner of this user account
        // whose uid must exactly match the key ($user_id)
        ".write": "$user_id === auth.uid"
      }
    }
  }
}

More info here:

Secure Your Data

Peter Haddad
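The owner-only rule from the answer above, exercised in a simplified local model to show which requests it grants and which it denies, next to a wide-open ruleset. This is an added example, not part of the original answer and not Firebase's rule engine; `evalRule`, `isAllowed`, `openRules` and the sample users are constructed for illustration.

```javascript
// Simplified local model of Realtime Database rule evaluation. Assumption:
// this is NOT Firebase's engine; it covers literal keys, $wildcards and auth.
const ownerRules = {
  rules: { users: { $user_id: { ".write": "$user_id === auth.uid" } } },
};
// Constructed weak ruleset for contrast: open to everyone, signed in or not.
const openRules = { rules: { ".read": true, ".write": true } };

function evalRule(expr, auth, vars) {
  if (typeof expr === "boolean") return expr;
  const names = Object.keys(vars);
  try {
    // Rule strings are trusted local config here, never user input.
    const fn = new Function("auth", ...names, `return (${expr});`);
    return fn(auth, ...names.map((n) => vars[n])) === true;
  } catch (e) {
    return false; // evaluation error (e.g. auth is null) means deny
  }
}

// op is ".read" or ".write"; auth is null or { uid: "..." }.
function isAllowed(ruleset, op, path, auth) {
  const segments = path.split("/").filter(Boolean);
  const vars = {};
  let node = ruleset.rules;
  for (let i = 0; ; i++) {
    // Rules cascade: a grant at any ancestor covers everything below it.
    if (op in node && evalRule(node[op], auth, vars)) return true;
    if (i === segments.length) return false; // nothing granted: default deny
    const seg = segments[i];
    const wildcard = Object.keys(node).find((k) => k.startsWith("$"));
    if (Object.prototype.hasOwnProperty.call(node, seg)) {
      node = node[seg];
    } else if (wildcard) {
      vars[wildcard] = seg; // bind e.g. $user_id to the path segment
      node = node[wildcard];
    } else {
      return false; // no rule covers this path
    }
  }
}

const alice = { uid: "alice" }; // constructed sample users
const mallory = { uid: "mallory" };
console.log(isAllowed(ownerRules, ".write", "/users/alice/name", alice)); // true
console.log(isAllowed(ownerRules, ".write", "/users/alice/name", mallory)); // false
console.log(isAllowed(ownerRules, ".read", "/users/alice", alice)); // false
console.log(isAllowed(openRules, ".write", "/users/alice/name", null)); // true
```

The third result is the one to notice: the ruleset in the answer defines no `.read` rule, so under default deny even the owner cannot read until a read rule is added.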