Reputation: 780
I am currently tackling an issue within my code, which somewhat relates to security. Not in the sense of payment or personal information, but more so just the "ownership" of someone's profile.
Currently, a user's basic information (name, email, bio, etc.) is stored on Firebase, and all information is displayed publicly on their profile.
However, to decide whether the current owner logged in using Firebase Auth is the owner of the profile they are currently on, I run a basic if function.
if (this.userInfo.user_slug == this.$route.params.id && this.user)
then I set "can edit" to true. However, this feels... weak. Can someone just hop in, toggle that to true and get access to the ability to edit the profile's information, even if not the owner? And, if so, what is the best/simplest way to make sure that the only person who can edit the profile is the one who is logged in and matches it?
Thanks!
Upvotes: 0
Views: 28
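Added example, not code from the question or the answer: a small JavaScript model of the check in the question, showing why a "can edit" flag held in the browser is only a hint for rendering the edit button, and how a trusted side (Firebase security rules, or a backend you control) has to re-derive the decision from the verified identity and ignore anything the client claims about itself. `PROFILES`, `clientCanEdit`, `updateProfile`, `demo` and the sample uids and slugs are hypothetical, constructed for this example; the Firestore rule in the comment assumes profiles live at `/users/{uid}` keyed by the owner's Firebase Auth uid, which the question does not state.

```javascript
// Added example, not code from the question or the answer above.
// It models why a client-side "can edit" flag is only a UI hint and why the
// trusted side (Firebase security rules, or your own backend) must decide
// from the verified identity. PROFILES, clientCanEdit, updateProfile, demo
// and the uids/slugs below are hypothetical, constructed for this example.

// Constructed sample data: profile slug -> record, each with its owner uid.
const PROFILES = {
  alice: { ownerUid: 'uid-alice', name: 'Alice', bio: 'hello' },
  bob:   { ownerUid: 'uid-bob',   name: 'Bob',   bio: 'hi' },
};

// The check from the question. Fine for deciding whether to *render* an edit
// button, but the user controls the browser and can flip the result at will.
function clientCanEdit(userInfo, routeId, signedIn) {
  return Boolean(signedIn) && userInfo.user_slug === routeId;
}

// Trusted-side write. `auth` is the identity verified from the user's ID
// token (what Firebase rules expose as request.auth); `clientClaims` stands
// for anything the browser sent along, including a flipped canEdit flag,
// and is deliberately never consulted.
function updateProfile(auth, slug, patch, clientClaims = {}) {
  const profile = PROFILES[slug];
  if (!profile) return { ok: false, reason: 'not-found' };
  if (!auth || auth.uid !== profile.ownerUid) {
    return { ok: false, reason: 'permission-denied' };
  }
  // Allow-list the editable fields so ownership itself can never be rewritten.
  const editable = ['name', 'bio'];
  for (const key of Object.keys(patch)) {
    if (!editable.includes(key)) return { ok: false, reason: 'field-not-allowed' };
  }
  Object.assign(profile, patch);
  return { ok: true, profile: { ...profile } };
}

// Equivalent Firestore rule, assuming (this is an assumption) profiles live
// at /users/{uid} keyed by the owner's Firebase Auth uid:
//
//   rules_version = '2';
//   service cloud.firestore {
//     match /databases/{database}/documents {
//       match /users/{userId} {
//         allow read: if true;
//         allow write: if request.auth != null && request.auth.uid == userId;
//       }
//     }
//   }

// Walk through the UI hint, a write with a forged client flag, and the
// owner's own write, and return the outcomes.
function demo() {
  const uiHint = clientCanEdit({ user_slug: 'alice' }, 'alice', true);
  const forged = updateProfile({ uid: 'uid-bob' }, 'alice', { bio: 'not mine' }, { canEdit: true });
  const owner = updateProfile({ uid: 'uid-alice' }, 'alice', { bio: 'updated' });
  return { uiHint, forged, owner };
}

console.log(JSON.stringify(demo(), null, 2));
```

The point of the design is that `clientCanEdit` and `updateProfile` never share state: the first only drives the UI, the second rebuilds the answer from the verified uid and the stored owner on every request, so flipping the flag in the browser changes what is shown but not what is allowed.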
Reputation: 598787
Currently, a user's basic information (name, email, bio, etc.) is stored on Firebase, and all information is displayed publicly on their profile.
When using the Firebase Authentication client-side SDK, a user is only allowed to access and update their own profile information. Through these SDKs there is no way for them to read/write other users' information.
Upvotes: 1