Exadra37
Firebase - Why Firestore Encourages Bad Security?
What is Firestore?
Firestore is one of many products in the Firebase product line. Firestore is a document-based NoSQL database. Firebase Auth integrates with Firestore to provide authentication/authorization functionality.
Why Firebase?
The benefit of using Firestore is that developers don’t have to deal with the hassle of managing servers, creating a backend, or scalability. All of that is handled by Firebase. As such, Firestore is often used by frontend developers.
Conclusion
Firestore is fundamentally flawed. By eliminating the logical layer, Firestore makes it nearly impossible to use it securely. Firestore security rules are an inadequate band-aid solution and cloud functions defeat the purpose of using Firestore.
There are very few situations where Firestore will be an adequate solution. I’d only recommend using it only extremely small and simple applications or mock applications, but even so, you may run into security limitations.
Popular General Dev topics
Other popular topics
Sponsor Spotlight
Practical resources that improve the lives of professional developers.
Latest in Security
Categories:
Sub Categories:
- All
- In The News (10104)
- Dev Chat (200)
- Questions (32)
- Resources (118)
- Blogs/Talks
- Jobs (3)
- Events (15)
- Code Editors (58)
- Hardware (57)
- Reviews (4)
- Sales (15)
- Design & UX (4)
- Marketing & SEO (1)
- Industry & Culture (14)
- Ethics & Privacy (19)
- Business (4)
- Learning Methods (4)
- Content Creators (7)
- DevOps & Hosting (9)
Popular Portals
- /elixir
- /rust
- /ruby
- /wasm
- /erlang
- /phoenix
- /keyboards
- /rails
- /js
- /python
- /security
- /go
- /swift
- /vim
- /clojure
- /emacs
- /haskell
- /java
- /onivim
- /svelte
- /typescript
- /crystal
- /c-plus-plus
- /kotlin
- /tailwind
- /gleam
- /ocaml
- /react
- /elm
- /flutter
- /vscode
- /ash
- /opensuse
- /centos
- /php
- /deepseek
- /html
- /scala
- /zig
- /textmate
- /sublime-text
- /debian
- /nixos
- /lisp
- /agda
- /react-native
- /kubuntu
- /arch-linux
- /ubuntu
- /revery
- /django
- /manjaro
- /spring
- /diversity
- /nodejs
- /lua
- /julia
- /c
- /slackware
- /markdown
Devtalk Sponsors
Practical resources that improve the lives of professional developers.
We build trusted fault-tolerant systems that scale to billions of users.
Real-time error tracking, performance insights, and observability for devs.
Develop your skills with books, videos, and courses.
Catch errors, track performance, monitor hosts and more.
Enabling companies to succeed by building software people love.
Courses that'll move you from confusion to "Aha, now I get it!"