Is it safe to use firebase anonymous authentication in Ionic App?
Question
I want to develop an Ionic app for android and ios using firebase backend.
Requirement: 1. I want to use anonymous authentication silently so that user does not have to be worry about login. 2. I just want to display list of some items on the home page using Firestore api.
Question/Problem: 1. How does firebase will get to know that only the my app using the firestore get api. 2. If I am storing api credentials/secrets in my android app and if other user somehow knows these credentials, will that person be able to use api on behalf of my credentials and I will not be able to track the usage.
Top Level: If someone know my firebase api credentials/secrets, will that person be able to utilize my firebase quota in case I am using firebase anonymous authentication.
Thanks in advance.
1 answers
solution1
1 ACCPTED 2018-12-29 20:04:54
The settings you use to initialize the Firebase SDK are not "secrets". It's all very much public information that identifies your app from all the other Firebase apps out there. Every Firebase app has a similar set of public data. Once you publish your app, you should assume that everyone is able to see that data.
This means that anyone can use that data. That's why it's important to use Firebase Authentication along with security rules to make sure that people logged in can only make use of whatever resources you specify. That's the only way to lock down the data in your Firebase project. If you are concerned about security, then you should be thinking about your security rules from the very beginning.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.