Firebase - splitting tables between secure and insecure fields -

-

is there best practice structuring firebase tables/objects between secure data fields (which users not trusted update themselves) , insecure data, may set themselves?

for example, user should free change name or preferences inside own users object, should not free change settings such if they're paid user, email confirmed, etc. or user specific example, user.name should editable user directly, while user.email should changed via our own api, update firebase's record.

this seems must common requirement, because see in every table need. e.g. have users, have projects, have tasks within project, etc. , each of data types, there fields user-editable , ones not.

so type of approach best practice? here 2 possibilities:

secure_data:   users:     user1:       email:     user2:   projects:   tasks: insecure_data:   users:     user1:       name:     user2:   projects:   tasks:

or:

users:   user1:     secure:       email:     insecure:       name: projects:    project1:      secure:      insecure: tasks:

by way, this answer implies first option above should used, wanted structure question more see if there's indeed best practice this.

there entire guide covering best practices, including topics on data structures , security related auth, includes live demo.

as previously linked question covers use cases reading secured data, i'll assume you're not asking same question, , you're interested in write restrictions. if want read restrictions, question duplicate; won't able iterate or query on path unless data in path readable.

write restrictions straightforward; grant write access relevant fields.

for example, if user should able write email not paid status:

{   "rules": {      "users": {         "$uid": {            // allow write access email not paid status            "email": ".write": "auth.uid === $uid"         }      }   } }

Comments

Post a Comment

Popular posts from this blog

javascript - Chart.js (Radar Chart) different scaleLineColor for each scaleLine -

-
Image
i try , create radar chart using chart.js has various colours each scaleline, or coloured between scalelines. wondering if possible? from: to: i have working graph, though there doesn't seem method change individual scale lines. kind regards leigh you can extend radar chart type this, so chart.types.radar.extend({ name: "radaralt", initialize: function (data) { chart.types.radar.prototype.initialize.apply(this, arguments); var originalscaledraw = this.scale.draw; var ctx = this.chart.ctx; this.scale.draw = function () { var linewidth = this.linewidth; // bypasses line drawing in originalscaledraw this.linewidth = linewidth; originalscaledraw.apply(this, arguments); ctx.linewidth = this.linewidth; var scale = this; // draw chart.helpers.each(scale.ylabels, function (label, index) { // color of ...
Read more

apache - Error with PHP mail(): Multiple or malformed newlines found in additional_header -

-
suddenly have started receiving above error without changes having been made script. host 1and1 (i know...) the script still works fine on different server, , suspicion there must have been server config change has lead this, although hosts plead ignorance. there's no information on above error @ in google can find - have ideas? server running apache if helps. had similar problem. came out of blue. no php code changed. what changed: php upgraded 5.5.25-1 5.5.26. a security risk in php mail() function has been fixed , newlines in additional_headers allowed no more. because newlines mean: starts email message (and surely don't want inject newlines through headers followed evil message). what have worked fine, e.g. having newlines after headers or passing whole message additional_headers , function no more. solution : sanitize headers. no multiple newlines in additional_headers argument. these count "multiple or malformed newlines":...
Read more

java - Android – MapFragment overlay button shadow, just like MyLocation button -

-
Image
i'm struggling add shadow custom overlay button on google map. goal make custom button google's mylocation button. here's how app looks now: layout.xml <relativelayout xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" xmlns:map="http://schemas.android.com/apk/res-auto" android:layout_height="match_parent" android:layout_width="match_parent" style="@style/apptheme"> <fragment android:layout_width="match_parent" android:layout_height="match_parent" android:id="@+id/map" tools:context=".mapsactivity" android:name="com.google.android.gms.maps.supportmapfragment" android:layout_alignparentend="true" android:layout_alignparentstart="true" android:layout_alignparentbottom="true" ...
Read more