An advance thank you to everyone who takes the time to read this and reply.
Please note I have searched the forum thoroughly and not found satisfactory answers.
First I will explain about my app. I am developing a chat app in which you can chat with random people anywhere in the world. Everything is completely anonymous.
You open the app and press the CHAT button. This will put you into a chat room with another user so you can have a one-to-one chat. All chat rooms currently only support 2 people. This way you can have more intimate conversations.
All chats are via Firebase. So when User 1 writes a message it is uploaded to Firebase and shows on User 2’s phone. When User 2 writes a message it overwrites the existing message (by User 1) in Firebase and the new message is shown on User 1’s phone. A chat history is therefore only stored on the phones themselves. The only thing Firebase stores is the latest message.
Now for my question:
At the moment the Firebase Rules are set to public so anyone can read and write. Apparently this means anyone access the database. However, I am not storing any user information on Firebase. The only thing that is stored is the latest message. What should my rules be?
I have a few other questions but I will ask them depending on the answer to this.
You can keep your rules to read and write true.
No one can modify your firebase database without you and without api key.
Thank you for your reply.
So does this mean that there are only 2 ways to hack into my Firebase account:
By hacking my actual Google account that is linked to Firebase. For this a hacker would need my google user name and password.
Using the api key.
Is this correct?
If so please tell me what the api key is as I have not used one.
API key is provided by firebase to access the database.
When you get started with firebase by creating account, your api key is generated.
You have to copy and paste it in your app.
Search ‘firebase database in Kodular’ on YouTube, you will get step by step guide on how to set up firebase in Kodular app.
Is the api same as the Firebase url?
Because if so, then I already have that.
Nope! You can find firebase api key at setting, like this:
I’ve found the Web API Key.
However, I haven’t used it in my app and can’t see anywhere for me to put it in the designer or blocks. All I’ve used is the url and the app seems to be working.
You use the API key to use the firebase database. You should put it here:
Which bit do I put it in? There’s nowhere there that asks for API Key.
It’s the firebase token at firebase database component
So Firebase Token in the designer is the same as the Firebase Web API Key?
When I added Firebase component to my app it already had Firebase Token filled in. Why was this?
And does it mean I need to put my own API key into the Firebase Token?
Yes firebase token its the same of API key and you need to put your own in that box. The number that is alredy there is a random number (I think).
What will happen if I use the one that is already provided?
Don’t have idea, but I guess that something will not work. The API key of firebase would not exist if that from kodular works.
It’s strange because I’ve been using the Token provided by Kodular when you add the Firebase component and my app works. The chat system works fine.
Also the Web API is much shorter than the Token so I’m not sure that you put the Web API in the Firebase Token box in the designer.
I’ll create a new topic later on about the Token because I’ve got some questions about it.
Thats why i asked you to search about firebase database in Kodular’ on YouTube.
For new user, it is difficult to understand about online databases. I have also learnt about firebase from YouTube videos.
There are lots of tutorial videos which tells you how to set up all step by step.
This might help you:
Thanks, I’ll watch that later.