I’m making a chat app that will allow 2 people to chat in private. There can be many users at the same time, but people will be paired together into separate chatrooms.
Currently my Firebase rules are set to read true and write true. In other words they are set to Test Mode.
Firebase will only save the messages. Users won’t use their real names, locations, photos etc. It’s all purely anonymous.
Nobody says “No” to more security. I don’t know if it is necessary, but if you can and if you know how to protect your database, then do it. So less data will be affected after someone attacks your data. It would be nice for you and users with more security.
Perhaps someone could disrupt a private chat but even then I’m not sure how.
Also I’m not really sure how to protect the database - I know I can change the rules. But I don’t understand what to do in Kodular blocks. I’m still trying to figure it out but the documentation is sadly lacking.
That is not true; you can work with a second Firebase extension to make your database safe.
You have to use both auth extension to make your database safe. There is also a video on YouTube out there.
I have no link at the moment. I need it also, so I have to search for the post with the video link or the thread with the description where you see the blocks and how to use it.
So with the auth extension we have a user token, and with this token we can use Firebase more securely. Thanks guys, I missed it. I hope Kodular adds support to its own component.
What is the token lifetime? When does it expire? If I make a single account for all users, can I use the same token without problems?
NEVER, BUT NEVER forget proper security rules! I recently was able to hack a friend's app just because of the poor encryption & Firebase rules. So, wrapping up, yes.
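The two points raised in this thread, replacing the test-mode rules and using the sign-in token from the auth extension, combined in one rules file for paired private chatrooms. This is an added example, not taken from any post here; it assumes Firebase Realtime Database, and the /rooms/$roomId/members and /messages layout, the field names, and pairing being written by a trusted admin process are all assumptions.

```json
{
  /* Test mode, as described in the first post (anyone can read and write everything):
       "rules": { ".read": true, ".write": true }
     Hardened version below. Assumed layout (hypothetical, not from the thread):
       /rooms/<roomId>/members/<uid>  = true      (exactly the two paired users)
       /rooms/<roomId>/messages/<id>  = { sender, text, ts }
  */
  "rules": {
    // Nothing is granted at the root, so every path not matched below is denied.
    "rooms": {
      "$roomId": {
        // Only a signed-in user who is listed as a member can read the room.
        ".read": "auth != null && data.child('members').child(auth.uid).exists()",

        "members": {
          // Assumption: pairing is written by a trusted admin process, which
          // bypasses rules. Clients can never add themselves to a room.
          ".write": false
        },

        "messages": {
          "$msgId": {
            // Members may create new messages; existing ones cannot be edited
            // or deleted (!data.exists() allows create only).
            ".write": "auth != null && root.child('rooms').child($roomId).child('members').child(auth.uid).exists() && !data.exists()",
            ".validate": "newData.hasChildren(['sender', 'text', 'ts'])",

            // The sender field must match the token's uid, so one member
            // cannot post in the other member's name.
            "sender": { ".validate": "newData.val() === auth.uid" },
            "text": {
              ".validate": "newData.isString() && newData.val().length > 0 && newData.val().length <= 1000"
            },
            "ts": { ".validate": "newData.isNumber()" },

            // Reject any field that is not listed above.
            "$other": { ".validate": false }
          }
        }
      }
    }
  }
}
```

These rules only work if each user signs in with their own account (anonymous sign-in still gives a distinct uid), because membership and the sender check are both keyed on auth.uid.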
Thank you very much guys for all your input. I’ve now managed to add security and it seems to be working.
I now have one thing that I can’t figure out - say a user forgets their password, how can they reset it?
This is also related to a user clearing their cache or deleting their app and reinstalling it - Firebase will show the email exists if they try and sign up again using the same email.