I am storing the users uid (who log into my app) in my firebase database. I hope this approach is correct.
I'm now thinking of using this uid so if users want to share something in their app it'll create a link like myapp.com/uid/data for example. and then when someone else accesses this link, it'll make a call to firebase to get all the relevant data under the correct uid.
however, that means that person A could see person B's shared url and thus see what their uid is. I'm wonder if this is a safe practice or if there is a better way to be able to do this? of course I could randomly generate a link but then that leaves me with the issue of not being able to easily access the correct data in the firebase database as I have no reference point
could an attacker access firebase data with this random uid? even if my security rules are locked down to be
"users": {
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid"
}
}
