AppId and Client Key equivalent for IOS and Android

[mohacs]

Hi guys,

Since Parse is going down I am looking for replacement for it. Firebase looks fit for my requirements however I couldn't understand how to secure my data? I read all security and rules section of the documentation couldn't see anything related AppId and ClientKey or something equivalent. 

I have perfectly understand how to secure data with rules against unauthorized requests but my point is what if someone register as a user, write a couple of line code and then leech all the data. it is pretty easy since there is no protection. 

AppId and ClientKey is not 100% secure but if you obfuscate them well. It is something! 

My question is: Can I implement something like id and key?

Thanks in advance.

[Kato Richardson]

You would restrict your data based on the user's ID. Grant access to data they're allowed to read and secure the rest. This is covered in auth based security.

If you want to try and implement something based on app id, then you could sign your own tokens and utilize any sort of auth schema you like. 

Last but not least, keep in mind that any datum stored in Firebase can be used as a criterion for security rules. Thus, you could "approve" apps or require that the app ID be stored in a user's profile, or anything else that meets your needs.

If you want more specific advice, provide a detailed use case of what you're trying to accomplish, rather than the proposed solution.

☼, Kato

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/2efdca50-6621-42cd-a66a-a83c6801b3d3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.