0

I'm designing a Firestore database for a Facebook-like, social media app and giving the users the option of posting publicly (name included) or anonymously. I had planned on putting all the posts in a top-level collection and using a uid field so users could retrieve and edit their own posts. However, it occurs to me that these uids would be pulled down when users read anonymous posts, so vulnerable to hacking? (e.g., finding non-anonymous posts with the same uids and exposing the user.)

So, now I'm thinking I'll keep the posts as subcollections of the user so that a uid isn't required.

Is my security concern valid? If so, are subcollections the better/best approach?

EDIT: My question is not a duplicate of this question or this question because it's asking about keeping a user's anonymity, not editing their data.

buttonsrtoys

1 Answer

2

Your point is right - the user ids could be exposed via the initial method. There are several methods to approach this based on your solution.

All posts in users/{uid}/posts/{pid}

I wouldn't rate it the best method as it would require you to query all subcollections of user/post to show a "news feed".

Keeping the current structure & setting userid to anon

You can keep the current structure & set user id to anon in the document. This wouldn't let the OP edit his own anonymous post. To fix that, we can have another subcollection in users/{uid}/posts/{pid}. That would contain a "link" to posts/{pid}

This method is a combination of both of your methods.

frunkad
  • Thanks @frunkad! I think Firestore's new-ish db.collectionGroup('posts') solves this limitation of querying subcollections, does it not? E.g., I don't see use cases where I'd want to query anonymous posts by user but I would want to query across all anonymous posts for most recent posts – buttonsrtoys Oct 03 '20 at 14:44
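
One way to enforce the combined layout from the answer with Firestore security rules, as an added example that is not part of the original answer or comments. It assumes the public document has a `userid` field holding either `anon` or the author's uid, and that the client writes `posts/{pid}` and `users/{uid}/posts/{pid}` in a single batched write.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // True when the signed-in user holds a private link document for this post.
    function ownsPost(pid) {
      return request.auth != null
        && exists(/databases/$(database)/documents/users/$(request.auth.uid)/posts/$(pid));
    }

    // Public feed. Anonymous posts store userid == 'anon' (assumed field name),
    // so readers never receive the author's uid.
    match /posts/{pid} {
      allow read: if true;

      // Create only in the same batch that writes the author's link document,
      // and only with userid set to 'anon' or to the caller's own uid.
      allow create: if request.auth != null
        && request.resource.data.userid in ['anon', request.auth.uid]
        && existsAfter(/databases/$(database)/documents/users/$(request.auth.uid)/posts/$(pid));

      // Ownership is proven by the private link, not by a field on the public document.
      allow update: if ownsPost(pid)
        && request.resource.data.userid in ['anon', request.auth.uid];
      allow delete: if ownsPost(pid);
    }

    // Private links: readable and removable only by their owner.
    match /users/{uid}/posts/{pid} {
      allow read, delete: if request.auth != null && request.auth.uid == uid;

      // A link may only be created together with a brand-new post. Without this,
      // any user could add a link to someone else's pid and gain edit rights.
      allow create: if request.auth != null && request.auth.uid == uid
        && !exists(/databases/$(database)/documents/posts/$(pid))
        && existsAfter(/databases/$(database)/documents/posts/$(pid));
    }
  }
}
```

These rules grant no collection-group access, so link documents cannot be enumerated across users. That matters because a document's path under `users/{uid}/...` contains the uid, so anything stored there should stay owner-only.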