0

I have already found many answers about this like link But I don't think it really solves my problem, I still can easily get my database instance in client side:

firebase.initilizeApp(config);
db = firebase.firestore();//db can be considered as an instance

Then simply type code in Chrome console:

db.collection("abc").where("id","===","1").get().then(function(){//do something})

to get my data.
However I still want the client side is able to do CRUD but only through the page events like click or drag or something else. So in such situation, is it possible to achieve it?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Hua Mai
  • 99
  • 9

1 Answers1

1

When you add a website to your firebase project where you would like to access the database, you're defining which URL cann access the database...

Checking authentication and integrity needs to be managed by the database rules though.

Therefore, once you've connected to the app and can fetch data, you can of course also do CRUD operations and create/read/update/delete data in there...

If you want to, you can of course also utilize Firebase functions as a bridge between website and database... there you could define REST-Calls that write or read from the database. However, you need to make sure to add authentication stuff there as well to prevent unallowed access.

florianbaethge
  • 2,520
  • 3
  • 22
  • 29
  • Thanks for your answer! Actually I think I omitted something in official documentation. You're right, it's already provided lots of authentication ways.And the only way to ensure security is to follow the authentication rule or put it in server-side! – Hua Mai Apr 02 '18 at 02:32
  • Good to hear! If this answer suffices your needs, please feel free to mark it as the accepted answers so that the question is closed. Thanks – florianbaethge Apr 03 '18 at 06:58