1

I am building a small mobile app with react native.

My initial thoughts were, that it is safer to communicate with the database over a running nodejs backend server in order to avoid security risks due to direct connection between mobile and DB.

Now i want the clients to receive realtime updates from the DB and the only way that i can think of, is to connect the mobile app to the firebase realtime database and subscribe to changes without having any backend server between it.

Is this a good way to go or are there alternatives?

Sunderam Dubey
  • 1
  • 11
  • 20
  • 40
dzitrus
  • 119
  • 1
  • 2
  • 9

1 Answers1

2

Whether something is a good way is typically opinionated. But it is definitely possible to build a secure app that directly accesses the database, because you can control access to the data with server-side security rules.

For more on this, I recommend checking out my answer to Is it safe to expose Firebase apiKey to the public?

It might also be useful to check this video where we live-code a secure voting app.

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807