Home Is non displayed data secure in firebase snapshots?
Reply: 1

Is non displayed data secure in firebase snapshots?

Raim Khalil
1#
Raim Khalil Published in 2018-02-14 07:12:28Z

In my firebase app, a users feed is populated with posts, however the usernames of the posts are displayed. However, the username is inside of the snapshot, but there is no place where it is displayed in the app. Is it secure to have the username transferred to the client's device if they are not supposed to be able to access it? Would it be better to remove the username from the snapshot in the posts node and instead create a separate node which has the username for each post, accessing the username each time it is needed so that when a users feed is populated the username is not sent in the snapshot?

Frank van Puffelen
2#
Frank van Puffelen Reply to 2018-02-14 07:28:46Z

Any data that is transferred to the device, can be accessed by the user on that device. If you want certain data to be non-accessible, don't transfer it to the client.

A common way to do this is to make an extra node that contains only the information that is publicly readable. For some example of this, see:

  • Firebase: How to structure public/private user data
  • How to create public/private user profile with Firebase security rules?
  • How to create public/private user profile with Firebase?
  • Make a public profile and a private profile in angular 4+
You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 4.147151 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO