How can I ensure my project ownership is secure in Google Firebase? - firebase

I am a beginner to Firebase as I've had a project (web-app) built for me by a developer on Fiverr.
Said website is hosted on firebase and connected to a custom domain.
The ownership has been transferred to me and I now own the project and it's custom website domain.
If thereotically a developer I work with in future wanted to "take over" my site is there any other protections I can put in place?
I just dont know if what I've mentioned above is enough.

Near project overview, you have an icon ⚙ > Project settings > User and Permissions. There should be your email address with role as owner. If there is a programmer, you can just remove him. But remember, you might not find a second one willing to change something in this code. And if you do, it might cost more.
If you're afraid he might be hacked and someone will delete your project, speak with him and give him a viewer role and just change it when you need some changes on your app.

Related

Wordpress/Woocomerce plugin for upload/download files client & admin

new here, don't know if I'm doing this right but thought I may ask here. I tell you about the project real quick.
I'm developing a WordPress and Woocomerce website where the product is to request several electricity contracts (some paid, others not) where the clients need to upload a number of documents for us to do said contract. We, the site admins, need to download the client's documents and, once they are greenlight, ready, confirmed, we will upload them back again for the user/client to download. Also, we need this documents to be accesible to the client via their My Account page.
I have struggled so much to find a plugin that does this. I've found tons of file management plugins but those show the root folder of the server and we don't that. Don't know if you guys can recommend me a plugin that does something like this. Maybe one that uses s shortcode? Any help is very much welcome!

How to move custom domain from one firebase project to another without downtime?

I have a firebase project that serves live users through a custom domain. I need to move the custom domain to the new version of application that is running in a different firebase project. If I delete the custom domain and add it in another firebase project, how much time will it take to reflect the change? How do I minimize the downtime?
Checked with Firebase support. This can be done without downtime. Here are their instructions:
To delete your custom domain from the project, follow these steps:
Go to the Firebase Hosting console for your project, you will see
your domain.
Hover over your domain.
There's an overflow menu (three vertical dots) on the right. From the overflow menu, select "Delete Domain"
When you delete a domain, we don't immediately remove the domain from
our backend. This is because most of the time developers are moving
their domains from one project to another, and this feature allows us
to re-provisioned the SSL certificate quicker.
I was able to delete and add the domain to another project without any downtime. Thanks to the firebase team for being so thoughtful.
If it is just about moving the custom domain (no user sessions), and making a couple of other assumptions, like: the account used to verify the custom domain belongs to both Firebase projects, and that same account will move the domain, the change should be almost immediate, close to zero downtime. You should give it a try with a test domain, it's pretty straightforward.
If the goal is to have zero downtime, better ask Firebase Support to see if it's doable and how to do it.

How to remove myself from a Firebase project

I decided to try Firebase. When I go to the console, I not only see my own project, but two projects that I never created or was supposed to have access to:
Those projects seem to be created by a "Rohit Travel & Tours". I can see some of the details:
When I go to Google Cloud's resource manager, sure enough, the project is also there, along with a few "My First Project" projects that seem to belong to the same people:
I'm not sure why I got access to this. It's either a dangerous bug, or a clueless admin that added one of my emails to the project.
I'd like to remove that project since it's just clutter. However, I can't find a way to remove myself from the project, and since I don't have any kind of admin access, there's nothing I can actually change there. In fact, I can't find my account listed on any of the role/member fields either, so I'm not sure what's the real story there.
So far the admin emails listed on the accounts have been unresponsive when I requested that my account be removed.
There's no way to contact Google Cloud to request that either. Apparently the only way to contact them is with a paid support account of some kind.
So my question is: is there a way for me to ever remove myself from these accounts, so I don't see them on my panels, especially the Firebase dashboard?
Or am I stuck with these app accounts forever?
When such projects show up for me, it's usually because someone added a group that I'm a member of (like all#company.com) as a collaborator to that project. If that is the cause, there is no way to remove me/you as an individual user. One of the owners on the project will have to remove the overly broad group, and replace it by either a better targeted group or by the individual users.
Also see:
How do I remove myself from a project in the Google Developer Console?

Requesting extra permissions through Google sign in on Concrete5

We are currently trying to use Concrete5 to create an internal Intranet for the company I work for (this is a web-based server). What we would like to do is allow our employees to sign in using their Gmail and be able to see their personal calendars amongst other things on sign in.
I would like the employees to just sign in once, get automatically asked for granting permissions during the login, and then be taken to the home page.
I'm having trouble figure out how to modify Concrete5's built-in Google login to request these scopes. I am pretty bare-bones in my PHP knowledge and no amount of Google searching has really answered my question specifically for modifying the authentication for Concrete5.
So to sum up my question:
How would someone go about modifying Concrete5's Google authentication to request additional permissions? We are using 5.8.3 and are always updating as necessary, so modifying the core is not really an option to prevent overwrites in the future.
The best way to do that would be to copy the core Google login system to create a new one. You could call it Google Custom or anything you want. You could include it in the folder application/authentication or in a package, with the appropriate modifications.
But to be honest, if you're bare-bones in your PHP knowledge, it all might be a bit too difficult to achieve

Single username/password for MediaWiki+phpBB+WordPress

I am building a web consisting of MediaWiki and phpBB as its subcomponents. Also WordPress may be added in future. My current problem is to choose a single unified authentication method (not to force users to have a special MediaWiki account, a special phpBB account, etc.).
Which approach would you recommend me? The basic limitation is that it is a simple LAMP server (no LDAP database). Possibilities I know about:
Use a decentralized protocol such as OpenID, OAuth 2.0, etc. I would prefer this approach. However, OpenID is not supported by Google any more so OAuth 2.0 would be probably more appropriate.
Use DB of users from phpBB and install some plugin to other subcomponents (MediaWiki extension for phpBB auth.)
Use DB of users from MediaWiki and install some plugin to phpBB.
Use some specialized web application for user credentials management and install plugins both to MediaWiki and phpBB.
I think the main point you already understand: You need one of your new platforms to be the central user store. The problem you know have to find out:
What platform has the plugins to interact with each other? It's possible, that you find plugins, that only works "in one direction", and for mediawiki itself you will find a log of outdated extensions, that maybe won't work anymore with the latest mediawiki versions and updates.
The other point is, that you should think about WordPress now, too. After you selected one central user store you mostly can't change it with a lot of work, so I would check for an integration of WordPress now, too.
Looking at that and a short search i wouldn't prefer MediaWiki to be the central user storage, and i'm not sure, if phpBB is the best solution, too :/
I think one of the best would be to use LDAP, extensions and plugins seems to be supported and working for the latest versions of each software. You yould have a central user store, which could be easily integrated in other applications, too. What is the reason you can't use it, an LAMP stack could handle this, too?
The second solution i would consider to choose is to use Google's user store and access it vi OAuth 2.0. MediaWiki, phpBB and WordPress supports this with plugins and/or extensions.
At the end of the day a login is a login is a login. All the custom fields specific to individual applications can be properly bridged with plug-ins. Make the app that will require the most babysitting your main database and thus login system. In many cases it's the forum, but that really varies by site.
I would caution that many new forum admins eventually want to upgrade from phpBB to something that's more powerful and modern. I was one of those admins. Yes, phpBB is as good as an open-source forum gets, but it just doesn't compete with the commercial forum apps. So keep that in mind if you make phpBB your main database.

Resources