Firebase Feature Feedback

80 views
Skip to first unread message

Justin Noel

unread,
Dec 20, 2018, 4:03:15 PM12/20/18
to Firebase Google Group
I've blogged about some features I'd like to see in Firebase.  I'd really appreciate some feedback on these topics.  Can y'all please review and reply on this topic?


Thanks,
Justin

Samuel Stern

unread,
Dec 20, 2018, 4:14:01 PM12/20/18
to fireba...@googlegroups.com
Hi Justin,

Thanks for taking the time to write this up.  We love long-form feedback like this, so keep it coming.  I'll attempt to give you some insight on each topic:

Debug Logging
As you probably know, the reason the error on the client is just PERMISSION_DENIED is because providing anything more would be a security risk for your app.  An attacker could use the failure information to probe the edges.

We recently released emulators for RTDB and Firestore that give you much more advanced security rules testing abilities:

This is where we'll be focusing our improvements, as we can get the emulator to provide rules failure information even more advanced than what would be possible if we let you see the logs from the production service.  You still have to "set it up" but we're working on making that easier all the time.

Audit Trails
This is a good idea and one that we have heard from quite a few developers.  We're in the very early stages of seeing how we could add this to Cloud Firestore, but we're talking about it.

Your Cloud Functions queue-to-write pattern is a very common way that developers overcome this limitation.

IP Address Logging
This is interesting!  I could definitely see how it would be useful in security rules.  For privacy reasons I doubt we plan to log users IP addresses automatically, so I'd say stick with your workarounds for now.

Thanks again for taking the time to do this!
- Sam

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/3a63ee7e-bfb3-4362-a732-787339168214%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Justin Noel

unread,
Dec 20, 2018, 4:30:22 PM12/20/18
to fireba...@googlegroups.com
Sam,

Thanks so much for reviewing and the feedback!

The emulator is certainly interesting and will be incredibly useful for testing.  However, it does not solve the real problem of testing or solving a production issue;
- A client is trying to write to the database
- The client is getting permission denied
- I have no idea why, this is a black box.

In my post, I describe how I made a mistake with setting up the simulator and testing against it. The emulator suffers the same problem. I could just as easily make the mistake of testing the wrong data.  The only way to know why real data  is failing to write is if the RTDB logs the failures - if only for a short time.  With a "real" backend that I control, I can quickly see what is really coming in to the endpoint vs what I THINK is coming in.  It would be great if Firebase could add that functionality.

IP Address Logging:
"For privacy reasons I doubt we plan to log users IP addresses automatically" : Your customers are Firebase developers and enterprises.  It is up to them to decide what they need to provide their services to THEIR customers.  In some cases, a business simply can't use Firebase because their internal requirements stipulate logging all requests including IP address.  Why would Firebase/Google be opposed to this?  ANY LAMP, Node.js, etc backend can do this.  Why should Firebase prevent a developer from gaining access to information they could get if they rolled their own API?  I'm absolutely certain that Google uses IP address information for analytics, advertising, etc; so, why would Firebase feel other developers/companies don't have a right to access the information?

Thanks,
Justin


You received this message because you are subscribed to a topic in the Google Groups "Firebase Google Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/firebase-talk/1bUjK7I6ed8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to firebase-tal...@googlegroups.com.

To post to this group, send email to fireba...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


--
Thanks,
Justin Noel

Reply all
Reply to author
Forward
0 new messages