Exadra37

Exadra37

Firebase - Why Firestore Encourages Bad Security?

What is Firestore?

Firestore is one of many products in the Firebase product line. Firestore is a document-based NoSQL database. Firebase Auth integrates with Firestore to provide authentication/authorization functionality.

Why Firebase?

The benefit of using Firestore is that developers don’t have to deal with the hassle of managing servers, creating a backend, or scalability. All of that is handled by Firebase. As such, Firestore is often used by frontend developers.

Conclusion

Firestore is fundamentally flawed. By eliminating the logical layer, Firestore makes it nearly impossible to use it securely. Firestore security rules are an inadequate band-aid solution and cloud functions defeat the purpose of using Firestore.

There are very few situations where Firestore will be an adequate solution. I’d only recommend using it only extremely small and simple applications or mock applications, but even so, you may run into security limitations.

Where Next?

Popular General Dev topics Top

emoragaf
Hi again, this time I blogged about creating a development environment for elixir using Docker (post in Spanish)
New
Exadra37
I came across a video where the Vice Chairman of Morgan Stanley, Carla Harris was interviewed…. She said something that struck my nerves...
New
AstonJ
This talk by @wolf4earth was posted in a thread about pull requests, but it warrants a thread of its own :blush: As Sascha highlights, b...
New
wmnnd
Here’s the story how one of the world’s first production deployments of LiveView came to be - and how trying to improve it almost caused ...
New
ragamuf
I am not breaking any news by acknowledging that Slack is one of my favorite asynchronous communication tools to get work done as a softw...
New
fredwu
Hi folks, I wrote a blog post the other day on how I built my MVP in 3 months whilst having a day job, using Elixir/Phoenix/LiveView. Th...
New
abhi9u
This article goes in depth coverage of memory management implementation in CPython and takes the reader through the source code to show h...
New
lawik
One of the Erlang ecosystem’s spiciest nerd snipes are hot code updates. Because it can do it. In ways that almost no other runtime can.
New
chiroptical
Starting a series on lexing and LALR-1 parser generators using leex and yecc. The series is really focused on the “by example” part since...
New
lawik
This is my conference report, as the organizer. Lots of nice pictures by Petter Boström. Lots of good feels from the community.
New

Other popular topics Top

PragmaticBookshelf
Andy and Dave wrote this influential, classic book to help their clients create better software and rediscover the joy of coding. Almost ...
New
dimitarvp
Small essay with thoughts on macOS vs. Linux: I know @Exadra37 is just waiting around the corner to scream at me “I TOLD YOU SO!!!” but I...
New
AstonJ
Continuing the discussion from Thinking about learning Crystal, let’s discuss - I was wondering which languages don’t GC - maybe we can c...
New
PragmaticBookshelf
Author Spotlight Mike Riley @mriley This month, we turn the spotlight on Mike Riley, author of Portable Python Projects. Mike’s book ...
New
PragmaticBookshelf
Author Spotlight Rebecca Skinner @RebeccaSkinner Welcome to our latest author spotlight, where we sit down with Rebecca Skinner, auth...
New
husaindevelop
Inside our android webview app, we are trying to paste the copied content from another app eg (notes) using navigator.clipboard.readtext ...
New
PragmaticBookshelf
Programming Ruby is the most complete book on Ruby, covering both the language itself and the standard library as well as commonly used t...
New
New
New
CommunityNews
A Brief Review of the Minisforum V3 AMD Tablet. Update: I have created an awesome-minisforum-v3 GitHub repository to list information fo...
New