2

In some tutorials, the instructor says that the Front end should not talk to your database directly. In case of Angular and Firebase, we have to provide our firebase credentials in our angular app. I agree its not safe if you have set the rules to true for both write and read in firebase. I know it is fine to have an intermediate layer (RESTful API), if you don't have any need for realtime updates from the database.

If I want to have realtime capabilities in my angular app,

  1. is that okay to connect firebase directly from angular app?
  2. is there any alternative way to have this realtime updates worked?
Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Giri
  • 451
  • 1
  • 4
  • 13

3 Answers3

4

Firebase is a mobile & web development platform. Although firebase sounds like a database only, it is not just a database. It's backend as a service. When you are communicating with firebase, actually you are not just communicating with a database and you are communicating with a REST API.

Isuru Lakruwan
  • 121
  • 4
  • 1
    so, is that a yes that I can add my credentials of firebase app to my angular app and connect it directly? – Giri May 23 '20 at 08:18
  • 1
    the short answer is YES. you may need to set up authentication based on your requirements. see the firebase documentation for more information. https://firebase.google.com/docs – Isuru Lakruwan May 23 '20 at 09:30
2

In some tutorials, the instructor says that the Front end should not talk to your database directly.

The instructor here is most likely talking about traditional databases, where indeed their security model usually doesn't match well with allowing direct access by end-users. With such databases it's common to set up a so-called three tier architecture with a server between the end-user application and the database, so that you can control in that server what data the users have access to.

Firebase's databases however (both its Realtime Database as Cloud Firestore) were created specifically to allow direct access from end-users. They integrate tightly with Firebase Authentication to allow identifying those users, and then have a built-in server-side security rules language that allows you to control what data each user an access. For example, you could say that each user can only access the data that they created themselves.

we have to provide our firebase credentials in our angular app

What you're referring to is most likely Firebase's configuration data. There are not credentials, but merely values that allow the Firebase SDKs to find your project on Google's servers. See Is it safe to expose Firebase apiKey to the public?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
0

Regarding your first question is that okay to connect firebase directly from angular app?. It is totally correct to connect your Angular application directly to Firebase since it is not only acquiring data in real time, but also taking advantage of data already cached by firebase.

Regarding your second question is there any alternative way to have this realtime updates worked?. No, If you want to make updates in real time, you have to connect your application directly to Firebase.

Rafa Amo
  • 76
  • 6