user4691858
Reputation: 43
Firebase auth, is the user uid security sensitive?
I was wondering if getAuth().uid is sensitive/private in anyway? I am planning to use it on a user post something like: post.created_by: getAuth().uid. This makes writing rules/logic a lot easier.
The other way is to use the push id when the user is added to the database, which I'm trying to avoid.
Upvotes: 4
Views: 1167
Answers (1)
Umar Hussain
Reputation: 3527
No its safe to use the uid and recommended, firebase uses auth to authenticate the user and the assign the uid to identify the user across firebase.
You will be using uid in your security rules and as well as to identify user info in your db records. Manually creating another id will render the efficiency of firebase useless.
Upvotes: 6
Related Questions
- What is the security of the Firebase Auth REST API?
- Why use UID in Firebase? Should I use it
- is UID in firebase automatically created/read for each user?
- Firebase Database - Risks associated with exposing uid on the client side?
- Firestore Security Rules. Is it Okay for users to know peoples UID?
- Is it ok to show $uid, generated by Firebase Authentication?
- Is using the Firebase Auth user.uid as part of the url a bad practice?
- Is it secure that Firebase uid is used / revealed on browser?
- Can we provide our own uid for a Firebase database if we use our own authentication?
- Firebase security: uid and facebook.id