I am trying to understand how Ionic and Firebase play together in terms of security and distribution and I have one question that I could not find on the web. If someone could please help clear this or show at least the steps to secure the firebase auth keys.
If Ionic app is packaged via Cordova for Google Play and Apple store, how to handle Firebase auth security information (keys, etc.) Will it be packaged also? From what I’ understood you put this info in the app.js file but this file is not secured.
How to properly secure this info when distributing the app?
Thanks Aaron, I am trying to understand Firebase security rules and the question is not about the firebase itself, but in regards to how to protect the config info which goes inside the config variable. If the app is distributed to local devices through mobile stores, then the app.js file with the auth key is open to be hacked when the app is installed on these devices…
What are the architectural steps to avoid security breech?
One way I was thinking is to use serve side to deliver this page, but this would go against the OFFLINE mechanism which Firebase provides.
Another way was to restrict user to modify only its own node but I have no clue how to implement it. Of couse, I assume the user would have to be logged in via one of the firebase authentication process (gmail, twiter, manual, etc.).
For instance lets say we have a node
root/mystuff/stuff/keys/(stuff array)
root/mystuff/key/userid
.
How would I write a rule to force user to only view and write his/her stuff in the root/mystuff/stuff {array}?