Exadra37

Exadra37

Firebase - Why Firestore Encourages Bad Security?

What is Firestore?

Firestore is one of many products in the Firebase product line. Firestore is a document-based NoSQL database. Firebase Auth integrates with Firestore to provide authentication/authorization functionality.

Why Firebase?

The benefit of using Firestore is that developers don’t have to deal with the hassle of managing servers, creating a backend, or scalability. All of that is handled by Firebase. As such, Firestore is often used by frontend developers.

Conclusion

Firestore is fundamentally flawed. By eliminating the logical layer, Firestore makes it nearly impossible to use it securely. Firestore security rules are an inadequate band-aid solution and cloud functions defeat the purpose of using Firestore.

There are very few situations where Firestore will be an adequate solution. I’d only recommend using it only extremely small and simple applications or mock applications, but even so, you may run into security limitations.

Where Next?

Popular General Dev topics Top

emoragaf
Hey all, I blogged about using pattern matching to replace conditional checks (post in Spanish)
New
AstonJ
This talk by @wolf4earth was posted in a thread about pull requests, but it warrants a thread of its own :blush: As Sascha highlights, b...
New
ErlangSolutions
If you were unable to join us recently for Code Mesh V conference you can catch up with our full suite of talk videos, QandA sessions and...
New
New
Exadra37
https://nscrutables.medium.com/fbi-foia-response-sheds-new-light-on-infamous-hacktivist-pentagon-incident-a44a318b4a46 This piece will ...
New
wmnnd
Here’s the story how one of the world’s first production deployments of LiveView came to be - and how trying to improve it almost caused ...
New
ragamuf
I am not breaking any news by acknowledging that Slack is one of my favorite asynchronous communication tools to get work done as a softw...
New
fredwu
Hi folks, I wrote a blog post the other day on how I built my MVP in 3 months whilst having a day job, using Elixir/Phoenix/LiveView. Th...
New
SubeeTalks
Agent Workflows offer a solution to automate repetitive business tasks traditionally handled by knowledge workers, enhancing operational ...
New
lawik
I share my continued thoughts and plans for whacking parts of the Elixir ecosystem together to see if I get sparks.
New

Other popular topics Top

AstonJ
If it’s a mechanical keyboard, which switches do you have? Would you recommend it? Why? What will your next keyboard be? Pics always w...
New
AstonJ
Just done a fresh install of macOS Big Sur and on installing Erlang I am getting: asdf install erlang 23.1.2 Configure failed. checking ...
New
AstonJ
If you are experiencing Rails console using 100% CPU on your dev machine, then updating your development and test gems might fix the issu...
New
DevotionGeo
The V Programming Language Simple language for building maintainable programs V is already mentioned couple of times in the forum, but I...
New
mafinar
This is going to be a long an frequently posted thread. While talking to a friend of mine who has taken data structure and algorithm cou...
New
AstonJ
Was just curious to see if any were around, found this one: I got 51/100: Not sure if it was meant to buy I am sure at times the b...
New
Help
I am trying to crate a game for the Nintendo switch, I wanted to use Java as I am comfortable with that programming language. Can you use...
New
husaindevelop
Inside our android webview app, we are trying to paste the copied content from another app eg (notes) using navigator.clipboard.readtext ...
New
PragmaticBookshelf
Develop, deploy, and debug BEAM applications using BEAMOps: a new paradigm that focuses on scalability, fault tolerance, and owning each ...
New
PragmaticBookshelf
Get the comprehensive, insider information you need for Rails 8 with the new edition of this award-winning classic. Sam Ruby @rubys ...
New