Hugo Passos

Reputation: 8427

Is it possible to intercept and read Firebase data?

I'm in this project in which I access Firestore through AngularFire2, so this doubt bothers me a bit.

Let's suppose that I'm using the `valueChanges` method, but I only need one document, so I make a client-side filter despite fetching the whole collection. The other documents may contain private information. Can the user access their data through a proxy or variable mapping (I don't know hacker techniques), or are they encrypted?

Upvotes: 1

Views: 565

Answers (2)

Doug Stevenson

Reputation: 317467

If a document is returned to the client as part of a query, that means it will be loaded into memory at some point, unencrypted. If your app is running on a compromised device, or the user of that device has "root" or "admin" access of some sort, the memory could be dumped in that instant, and the contents of the documents exposed.

If the user can't be trusted to read a document under any circumstance, then you should be using security rules to prevent that user from reading the document.

Upvotes: 2

Ronnie Smith

Reputation: 18565

Any response data passed to the user can be read/viewed client side. Security Rules are how to restrict access to data. This is how it practically works and should be fine.

Upvotes: 1
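Both answers point to Security Rules as the control. The ruleset below is an added example, not code from the question or from either answer; it shows the permissive rule that makes the client-side filter pattern leak beside a per-document rule. The `profiles` collection name and the convention that each document ID equals the owner's Firebase Auth UID are assumptions made for illustration.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // WEAK (shown commented out): every signed-in user may read every
    // document. A collection-wide valueChanges() then delivers all of
    // them to the client, and filtering afterwards hides nothing.
    //
    // match /profiles/{userId} {
    //   allow read: if request.auth != null;
    // }

    // CORRECTED: `profiles` is a hypothetical collection whose document
    // IDs are assumed to equal the owner's Auth UID.
    match /profiles/{userId} {
      // Single-document reads are allowed only for the owner.
      allow get: if request.auth != null && request.auth.uid == userId;

      // Collection queries are refused outright. Rules are not filters:
      // Firestore rejects a query that could return a document the
      // caller may not read, rather than trimming the result set.
      allow list: if false;

      // No write rule is given here, so writes are denied by default.
    }
  }
}
```

With the corrected rule in place the client has to request the one document by path (in AngularFire2, `doc(...)` rather than `collection(...)`) because the collection-wide listener is denied instead of returning a reduced set.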
