0

How can I prevent any CRUD operations issued from outside my applications that are connected to my firebase project, because for example if someone was able to grab the url of the database by using inspect element and pressing on a button in the website that performs an operation in firebase he will be able to grab the link, then if the firebase rules are not set properly, using the command line he will be able to issue a command to delete the whole database and make the application or website useless.So how to prevent such a thing??

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
serjo macken
  • 465
  • 2
  • 7
  • 16
  • There is no mechanism to restrict access to just users of your app. To prevent unauthorized access, you need to write correct security rules. See Kato's answer here: https://stackoverflow.com/questions/18005984/how-do-i-prevent-un-authorized-access-to-my-firebase-database – Frank van Puffelen Oct 18 '18 at 13:17
  • Ok will check it – serjo macken Oct 18 '18 at 13:41
  • I use only firebase for my ios and android application and by this the url will not be shiwn using inspect elelment aince there is no inspect element on android but if someone used applications like wireshark,can they intercept the traffic generated by the application and the frab the url??@FrankvanPuffelen – serjo macken Oct 18 '18 at 13:46
  • Anyone can just take the APK, decompile it, and get the URL that way. It's quite simple: if your app needs the URL to access your data, a user of that app can take that URL. That's why you need to secure access based on the user, not based on the app. – Frank van Puffelen Oct 18 '18 at 13:48
  • Ok will see what I can do – serjo macken Oct 18 '18 at 15:03

0 Answers0