Reputation: 177
How do we prevent abuse in case somebody knows the Firebase URL in PhoneGap apps? They might not be able to perform a complete operation, but they can potentially cause harm or heavy traffic (recurring sign-ups, just lots of API calls).
As PhoneGap apps would no longer be able to use the authenticated domain security in Firebase, what is the technique to use?
I've been wondering about this for quite some time and couldn't figure out or find anything that clearly says how it's done.
Thanks!
Upvotes: 2
Views: 254
Reputation: 4422
You are correct in saying that anybody can figure out your Firebase URL. This is not specific to PhoneGap, however. This is a key part of how Firebase works. And this should not be a problem for you. You can use our security rules API to prevent malicious users from reading or writing your Firebase data. The auth variable should come in handy for you for your use case.
I am not sure I understand what you mean by "authenticated domain security in firebase." Firebase security is client-independent and is enforced server-side. So, PhoneGap should be no less secure than other platforms.
Upvotes: 5
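A sketch of security rules built on the auth variable mentioned in the answer above, added here as an illustration and not taken from the original thread: the "users" path and the "displayName" field are assumed names, and the layout of one record per signed-in user is an assumption about the app.

```json
{
  "rules": {
    // Explicit default: nothing is readable or writable unless a rule below grants it.
    ".read": false,
    ".write": false,

    // "users" is an assumed top-level path for this example.
    "users": {
      "$uid": {
        // A client that only knows the database URL has auth == null and is rejected.
        // A signed-in client may touch only the record keyed by its own uid.
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid",

        // Constrain the shape of what a signed-in client can store.
        ".validate": "newData.hasChildren(['displayName'])",

        // "displayName" is an assumed field; the length bound limits oversized writes.
        "displayName": {
          ".validate": "newData.isString() && newData.val().length <= 64"
        },

        // Reject any field not listed above.
        "$other": {
          ".validate": false
        }
      }
    }
  }
}
```

These rules are evaluated by Firebase on every request, so a client that is not signed in still reaches the service but cannot read or change anything under "users".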