Eric. M
Reputation: 170
Is storing Firebase user uid in session storage a vulnerability ? In javascript on client browser
Is storing Firebase user Uid in session storage a vulnerability ? In javascript on client browser after the user is logged in i use the user Uid to get data from firebase database
If this is a vulnerability what better way's can be used to identify user and get user's data from the database
storing data in storage after login:
handleLogin = async (evt) => {
evt.preventDefault();
await fire
.auth()
.signInWithEmailAndPassword(this.state.userName, this.state.password)
.then((u) => {
this.props.toggleLogin();
db.collection('login')
.where('loginId', '==', u.user.uid)
.get()
.then((res) => {
sessionStorage.setItem('loginId', u.user.uid);
});
this.props.history.push('/portfolio');
})
.catch((err) => {
console.log(err);
if (this.state.email === '') {
this.dialog.showAlert('Please enter a valid email');
} else if (this.state.password === '') {
this.dialog.showAlert('Please enter a valid password');
}
});
};
get UserId
let data = sessionStorage.getItem('loginId');
Upvotes: 0
Views: 177
Answers (1)
Joinwang
Reputation: 110
In any case, any storage in the browser is not safe. You can refer to vuex of VUE for data storage. You should avoid these problems at the server side. Users can open the console to view API requests and forge them, so the front-end security is really not good
Upvotes: 1
Related Questions
- Is using the firebase accessToken to identify users server side a secure method?
- Firebase auth, get uid before page loads instead of "null"
- Firestore uid not available after page reload
- How to persist user data in Firebase/React?
- How To Store Firebase Users Under UID
- Firebase Database - Risks associated with exposing uid on the client side?
- How can you persist a logged-in user with firebase?
- Storing Firebase Auth UID in Cookie while using Firestore - Is this secure?
- Firebase storing data to wrong user ID
- Is it secure that Firebase uid is used / revealed on browser?