All geek questions in one place

How to implement firebase server-side protection

I am currently working on a new Google web app for advertising and wondering if firebase should be used as backend / db. I looked at the project, made some test applications and really liked it! But in order to fully convince me that firebase is the way to go, I need to answer the following questions:

  • I'm a little concerned about security. So, I know that firebase uses read, write, and validation for server-side security. From the samples, I noticed that validation is basically a single-line JS script, which is an "if". Since I plan to create a web-based e-commerce application, I need to check the veracity of some materials. Is it possible to outsource validation in a separate file to make it more readable? Also, I thought, if possible, to check these checks on the server side, for example, unit tests?

  • At the moment, I'm not 100% sure that firebase can cover all of our use cases. Would it be possible / good solution to use a “normal” backend for some critical functions and then save the data from the backend in firebase?

  • I saw some good polymer elements for firebase. Is firebase 100% supported in polymer / web components?

  • Is there any other way (e.g. Java approach) for implementing server business logic?

  • Is there a way to define upgrade scenarios so that new releases can easily be ported to production?

Thank you and good wishes.

Mark

+4
source share
1 answer

So, I asked supbt firebase and got the following answer:

.

  • . , , firebase , . , JS script, "if". - , . , ? , , , , ?

, . REST API. , JSON.

  1. 100%, firebase . / "" , firebase?

, Firebase SQL , . , .

  1. firebase. firebase 100% /-?

, 100% . SDK JavaScript, .

  1. (, Java) - ?

SDK Java, Objective-C/Swift, Android, Node.js, JavaScript REST API .

  1. , ?

, . , , - .

, !

:

, ! №5 : ... 5. , ? , . , , - .

? - ( ..) ... , . JS, , ? , ...

: 1.0 , . 3 , : address, " null". 2.0 , , ( 1.0) .

?

:

, ,

, . , JavaScript. , , .

- :

{
   "user": {
       ".write": "newData.hasChild('address') || newData.child('appVersion') < 4",
       "address": {
            ".validate": "newData.isString() && newData.val().length < 1000"
       }
   }
}

, , .

, , - . , , ( ). , , , .

, , , , . , , , (, UserProfile getter/setter), , .

, -:)

+4

Source: https://habr.com/ru/post/1607878/

More articles:


All Articles