I am developing a desktop application and I need to integrate some firebase features. To make it work, I need to add the service account key file. What if one of my users knows how to use it and messes up my database? How can I prevent that? Can I access firebase with no external file? (I'm working in python)
CodePudding user response:
Firstly, you can just set your rules properly.For example, you can set authentication-only rule for the admin features.
Secondly, you can simply crypt serviceaccountkey,with local database (such as sqlite)
CodePudding user response:
The SDK that Firebase provides for use with Python code is an Admin SDK, which means that it gives the code elevated, administrative access to the Firebase project. Since you want to give the app to non-administrators, you won't want to use the Admin SDK as those users (as you said) can then execute any code they want against your project.
This means that you options to access Firebase from your Python app are limited to using the REST API, either directly, or through a third-party wrapper library such as Pyrebase or Python-firebase.