All geek questions in one place

Firebase Security

I am developing an Android application.

I just want to create a Firebase object with some kind secretso that it can only be used in my code.

Now everyone can access and change my details. How to avoid this?

I tried to do something like this on rules:

{
    "rules": {
        ".read": true,
        ".write": "auth == 'somepass'"
    }
}

But where do I put this line in the link?

How am I just doing this? I do not want to authenticate users, but the application.

+4
source share
1 answer

Take a look at this: https://www.firebase.com/docs/security/api/rule/auth.html

You need to create a server-side token to authenticate your user.

node.js, :

var FirebaseTokenGenerator = require('./firebase-token-generator-node.js');
var tokenGenerator = new FirebaseTokenGenerator(YOUR_FIREBASE_SECRET);
var token = tokenGenerator.createToken({'passKey': 'somepass'});`

:

{
    "rules": {
        ".read": true,
        ".write": "auth.passKey == 'somepass'"
    }
}

, . .: https://www.firebase.com/docs/web/guide/user-auth.html

, !

+4

Source: https://habr.com/ru/post/1545390/

More articles:


All Articles