Reputation: 23
My concern is that I found logs in the console exposing the path to the database, and this might cause a security breach. Any idea about this?
Upvotes: 0
Views: 136
Reputation: 83103
If you correctly secure your database with Security Rules (together with Authentication in most cases, resulting in a full authentication/authorization mechanism), this is not a security breach.
It is normal to include, in your client-side code, the paths to some Firestore documents or collections, since, in the Firebase model, the client directly interacts with the DB (in contrast to "old" three-tier architectures in which there is a middleware tier in the middle).
So it is possible for the app users to get those paths (through logs or by reverse engineering the app), but as soon as the DB is correctly secured this is not a problem.
Note that this discussion is a bit similar to the discussion on Firebase apiKey and security, see https://stackoverflow.com/a/37484053/3371862. As explained by Frank in this answer, "it is necessary for (the client app) to know it (i.e. the Firebase apiKey), in order for (the client app) to interact with your Firebase project". With Firestore paths it is the same: it is necessary for your client app to know which documents and/or collections it needs to interact with.
Upvotes: 1
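To illustrate the answer above, here is a Firestore Security Rules file in which access depends on the caller's identity rather than on the path being secret. It is an added example, not part of the original posts; the collection names `users` and `orders` and the fields `item` and `quantity` are assumptions.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // WEAK (shown commented out for contrast): with a rule like this,
    // anyone who learns a path from logs or from the app can read and
    // write every document.
    // match /{document=**} {
    //   allow read, write: if true;
    // }

    // HARDENED: the path /users/{userId} can be known to everyone.
    // Only the signed-in user whose uid matches the document id gets access.
    // "users" is a hypothetical collection name.
    match /users/{userId} {
      allow read, write: if request.auth != null
                         && request.auth.uid == userId;

      // Hypothetical subcollection: the owner can read their orders and
      // create new ones with a constrained shape; no update or delete
      // from clients.
      match /orders/{orderId} {
        allow read: if request.auth != null
                    && request.auth.uid == userId;
        allow create: if request.auth != null
                      && request.auth.uid == userId
                      && request.resource.data.keys().hasOnly(['item', 'quantity'])
                      && request.resource.data.quantity is int
                      && request.resource.data.quantity > 0;
      }
    }

    // No other match blocks: any path not matched above is denied by default.
  }
}
```

Rules like these can be exercised with the Firebase Emulator Suite before deployment, by sending requests as an unauthenticated client and as a different signed-in user and confirming both are denied.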