0

I plan on creating an application in Flutter that uses Firebase Auth and Cloud Firestore. My plan is to create a user and then use the user's uid (user ID) to store and modify data in the database, so a specific ID refers to a specific user. I wanted to know if it is safe to directly save the user ID in the Flutter app after the user logs in, because if someone were to somehow get access to the user ID they would have access to their data in the database.

Peter Haddad
  • no need to use all caps in your question title, people don't take kindly to it, best to just change it to a normal sentence structure – a_local_nobody May 13 '22 at 09:01

1 Answer

1

Would advise using your own custom ID alongside the UID. When your app grows, you don't want to be sharing the UID or passing it around. Also, while setting Firebase rules, you'll be referring to UIDs, which should be kept private.

Generate a random string for the ID.

And for sensitive user data, set a rule in Firestore to only allow reading of the document if request.auth.uid == user.uid. This will prevent unwanted access. Read up a bit more on Firestore rules; they might be relevant for your use case.

Huthaifa Muayyad
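The rule described in the answer above, written out as a Firestore security rules file (an added example, not code from the original answer). The collection name `profiles`, the random custom document ID and the `uid` owner field are assumptions; `request.auth.uid` is taken by Firestore from the signed-in user's verified token, so it is not a value the client can simply type in.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumed layout: /profiles/{profileId}
    //   profileId : random custom ID generated by the app
    //   uid       : string field holding the owner's Firebase Auth UID
    match /profiles/{profileId} {

      function signedIn() {
        return request.auth != null;
      }

      // The stored document belongs to the caller.
      function ownsExisting() {
        return signedIn() && resource.data.uid == request.auth.uid;
      }

      // The document being written names the caller as owner.
      function ownsIncoming() {
        return signedIn() && request.resource.data.uid == request.auth.uid;
      }

      // Covers single-document gets and queries. Rules are not filters:
      // a query must itself be limited to uid == the caller's UID,
      // otherwise the whole query is rejected.
      allow read: if ownsExisting();

      // A user can only create documents owned by themselves.
      allow create: if ownsIncoming();

      // The owner may edit, but may not hand the document to another UID.
      allow update: if ownsExisting()
                    && request.resource.data.uid == resource.data.uid;

      allow delete: if ownsExisting();
    }

    // No other match blocks: Firestore denies any path without a matching rule.
  }
}
```

With rules like these, a request from an unauthenticated client or from a different signed-in user is denied even if it names the right document, because the comparison is against the authenticated caller rather than against an ID sent in the request.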