Avoid using Firebase from the Chrome console

0

How can I prevent Firebase methods from being run from the console of Chrome or any other browser?

With a web page that uses Firebase, any user familiar with Firebase's methods could create/modify users, record data, etc.

For example, if someone enters the following lines in the console:

firebase.auth().createUserWithEmailAndPassword('[email protected]', '1234').catch(function(error) {
  // Handle Errors here.
  console.log(error.code);
  console.log(error.message);
  // ...
});

A Firebase user will be created. The same could be done with a snippet that creates a reference in the Database or even deletes the entire database (especially if they are a registered user).

Is there a way to disable the use of the console, or to inject Firebase somehow so that it is not global?

    
asked by Fernando Magrosoto 01.09.2017 в 19:17

1 answer

0

You cannot limit the account-creation functionality; you can disable providers (email, Twitter, Facebook, etc.), but the ability to register an account must remain public (unless you add accounts manually from the console).

This does not mean that the database is accessible and editable by anyone. Firebase has security rules that can be defined in the Firebase console and that can limit writing to, and even reading of, any node in the database. With these rules you can, for example, ensure that:

  • Only users in a list of administrators can view or edit certain nodes.
  • A user can only see and write data within THEIR OWN node.
  • A user requires a validated account to upload data.
  • The files those users can upload to / view in Firebase Storage are limited.

I hope this helps.

    
answered by 08.09.2017 / 16:39
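The first three restrictions listed in the answer, written as Realtime Database security rules. This is an added example, not part of the original answer; the node names `admins`, `reports` and `users` are assumed for illustration.

```json
{
  "rules": {
    // Deny by default: anything not matched below is neither readable nor writable,
    // so console calls such as firebase.database().ref().remove() are rejected.
    ".read": false,
    ".write": false,

    // Assumed layout: /admins/<uid> = true for each administrator.
    // Clients can never write here; the list is maintained from the Firebase console.
    "admins": {
      ".read": "auth != null && root.child('admins').child(auth.uid).val() === true",
      ".write": false
    },

    // Assumed admin-only node: only uids present in /admins can view or edit it.
    "reports": {
      ".read": "auth != null && root.child('admins').child(auth.uid).val() === true",
      ".write": "auth != null && root.child('admins').child(auth.uid).val() === true"
    },

    // Each user can only read their own node, and can only write to it
    // once the account's email address has been verified.
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid && auth.token.email_verified === true"
      }
    }
  }
}
```

Rules are enforced on Firebase's servers, so they apply equally to calls made from the page's own scripts and from the browser console. A `.read` or `.write` granted at a parent node cannot be revoked deeper in the tree, which is why the root stays closed and access is opened per node.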