Home > OS >  Firebase security concern
Firebase security concern

Time:10-21

In my Flutter web app, the credentials to access the Firebase backend are set in index.html and anyone who clicks "view source" can see them. What's to stop someone from using that to spoof the client and get access to the Firestore database with their own code instead of the client that's meant to access it?

CodePudding user response:

You will always have to leave a way for users to access your database - and thus also giving them some way to locate your database. You should write secure firestore security rules to govern the usage of your database. Users will always be able to access your database through other means than your front end. After all, your front end is just a portal for displaying the data in a user-friendly way. By however adding security rules you can limit the usage of your database to how it is intended.

  • Related