I used firebase database in my app but anyone who has firebase token and URL can read,modify my database and it’s really easy to get firebase token id and URL from app so how do I make it secure so if someone has my URL and token id then also they won’t able to read and write in my database.
So you can use obfuscated text to encode the firebase url and api key
You mean that only 
this is enough and no one can decrypt it?
No.
There are many software available that catches the http requests sent by the app. So probably there is no way to hide the firebase URL from others as it would be exposed there.
You can secure your database with rules and can make it according to your needs.
2 Likes
I don’t think it’s a solution because there is many software available which can decode … I extracted the Firebase token and URL from deephost app but when I inserted his token and URL in my app it showed Permission denied so can’t we do the same in our app too?
Did you read this above?
Then use firebase rule as said by sumit
So what should be the rule? Currently I made read and write = true because I have used both get value + store value block in my app
Take a look at this docs :
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.