0

My concern is the security risk associated with someone knowing my project-id.

I am using firebase storage to store images accessed from my app. The urls of these images are used to open these images. However the url contains my project id as demonstrated below:

https://firebasestorage.googleapis.com/v0/b/MY PROJECT ID APPEARS HERE.appspot.com/o/astring%2F20191204_120258?alt=media&token=39154dc2-2024-4b77-9e66-2a134735bab3

I would like to replace this url with something else that won't reveal my project-id. Is this possible? Or is my security concern perhaps not a valid one?

ericgithinji
  • 325
  • 4
  • 11

1 Answers1

1

The download URLs generated by Firebase Storage are opaque strings, that can't be modified. If you want to control the URLs by which your clients access the data in Cloud Storage, you'll have to generate your own URLs and access methods (e.g. through Cloud Functions).

Note that in a correctly set up project there is no danger in your users knowing your project ID. It serves as nothing more as a way for your app to find its Firebase project on Google's servers. See Is it safe to expose Firebase apiKey to the public?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807