This question already has an answer here:
Firebase custom domain name for database
(1 answer)
Closed 4 years ago.
Let say i have a firebase db at https://vivid-fire-id.firebaseio.com/.
So the browser will try to connect to vivid-fire-id.firebaseio.com particular domain.
Is there way to add a custom domain from which the db is accessed from?
For eg: https://firebase.mydomain.com
This is required to make sure that firewalls do not create problem while access our application.
api gateway can be one of possible solution. Google search reveals lot of info on api gateways
Treat firebase as a microservice.
Related
This question already has answers here:
Is it safe to expose Firebase apiKey to the public?
(10 answers)
Closed 3 months ago.
I've noticed that the API Key of Firebase can be easily accessed on the website I'm managing through url + firebase-messaging-sw.js. I've got mixed answers online when searching for this issue. Is this a security issue I should be concerned about? If so, how can I block access to this URL?
I've searched about the problem and got mixed kind of answers. So far, I don't know if it is a security issue, if blocking access to this URL will affect other things like notifications, or how would I block it in the first place.
The API key is safe to share. Puf has answered this in this stack overflow post.
The reason is that direct database access is the desired outcome in Firebase and security is implemented server side through the use of security rules.
This question already has answers here:
Is it safe to expose Firebase apiKey to the public?
(10 answers)
Closed 1 year ago.
In my Flutter web app, the credentials to access the Firebase backend are set in index.html and anyone who clicks "view source" can see them.
What's to stop someone from using that to spoof the client and get access to the Firestore database with their own code instead of the client that's meant to access it?
You will always have to leave a way for users to access your database - and thus also giving them some way to locate your database. You should write secure firestore security rules to govern the usage of your database. Users will always be able to access your database through other means than your front end. After all, your front end is just a portal for displaying the data in a user-friendly way. By however adding security rules you can limit the usage of your database to how it is intended.
This question already has answers here:
Firebase analytics from remote REST API?
(3 answers)
Is there any api for dashboard analytics data?
(1 answer)
Closed 2 years ago.
I am looking for an automated way to pull down the some of the high level usages statistics via an API or persistent csv location with credentials.
You can see that the linked image that firebase provides a 'data-export.csv' file, under the Analytics menu .
Is there a way to do this, either directly from Firebase via an API, or via an integration with Google Analytics (I assume is the backend to firebase analytics), or via say a clever python script? Reason being is we want to share some key info in organisational business intelligence reports.
I have scanned the forums without a clear solution or no its not possible. Any assistance or examples of success (or failure) experiences and approach would be appreciated? Thx
I know many ppl asked this question before. But they are answer years ago. Now it's 2020. Not sure if Firebase supports subdomain for each client now. Can anyone can give an update?
Link to the old question:
Firebase - Subdomain for each client
Wildcard domains (e.g. *.mydomain.com) are not yet supported by Firebase Hosting, and due to limitations of our Certificate Authority (Let's Encrypt), there are relatively low limits on the number of subdomains of a given domain that can have certificates minted in a given time period.
For now, the answer remains that this is not a use case that is supported well on Firebase Hosting, and we don't recommend using Firebase Hosting for massively multi-tenant custom domains at this time.
This question already has answers here:
Is it acceptable to leave a database (Cloud Firestore) unsecured when no site login is required?
(2 answers)
Closed 3 years ago.
I am working with log-in log-out management, and it turns out that it's quite important to use the FirebaseAuth for all operations. But since only I have the service account key and only I can alter how the app is working, I'm wondering how someone can read or write in my database other than what I've programmatically given to them within the app. Can someone help explaining this to me? I would be really glad.
If your security rules allow access to unauthenticated users, then anyone with an internet connection will be able to read and write the entire contents of your database. It will be especially easy with the Firestore REST API.
A judgement of how "bad" that is for your project is entirely up to you to determine.