Does anyone have the ability to create an account with my key?

Question

EDIT : tried the authorized domain and it seems to be what i need, i'll try to go deeper with André's answer :) Thank you !

Hi,

I'm new to firebase and i just finished a project but i had a question:

Since the doc says i have to put my api keys and else in the javascript, they are visible to anyone even if put into process.env

i've read here : Is it safe to expose Firebase apiKey to the public?

that making the api key public is normal and not a big deal.

I'm using the email/password auth and i'm scared

If someone takes my :

API_KEY_FIREBASE
AUTH_DOMAIN
DB_URL
PROJECT_ID

that are in the source code and use the createAccount function, is he gonna be able to create an account ? Is yes, is there a way to disable this ? I want to be able to create account only through the firebase console

I'm not using firebase database for my data, i only use it for auth so i don't have to create a user table in my database, but i use the IDTokens they provide to secure some routes on express.

thank you ! :)

Someone can only create an account when you have that option enabled in your firebase console. So If you have it disabled there is no problem. — André Kool, Jul 19 '18 at 09:10
How can we disable it ? can't find anything about disabling creation of new accounts :( — Ivan Milosevic, Jul 19 '18 at 09:20
You can look [here](https://firebase.google.com/docs/auth/web/password-auth) in the before you begin section for how to enable/disable Email/password sign-in method — André Kool, Jul 19 '18 at 09:35

score 1 · Answer 1 · answered Jul 19 '18 at 16:50

1

Someone can only create an account when you have that option enabled in your firebase console. So If you have it disabled there is no problem.

You can look here in the "before you begin" section for how to enable/disable Email/password sign-in method.

answered Jul 19 '18 at 16:50

André Kool

4,880
12
34
44

Does anyone have the ability to create an account with my key?

1 Answers1