'Firestore SDK - Where does onSnapshot event listener/pending writes store data?
As per the answer in the link below: Does Firebase Firestore keep a local copy of snapshot
The Firestore SDK keeps a local copy of:
- All data that you have an active listener for.
- All pending writes.
In addition, if offline persistence is enabled, it also keeps a local copy of data that your code has recently read.
Does this mean that even if offline persistence is disabled on the web, onSnapshot event listeners and pending writes will still be stored locally to cache regardless?
I'm worried about sensitive data on shared computers for these listeners and pending writes that's stored locally (if they did not successfully write to the server, i.e. went offline in the process, etc.). Can malicious users access this data somehow? Is this a flaw of firestore for web apps?
Solution 1:[1]
If offline persistence is disabled, only pending writes are stored in the local cache.
You should assume that all data that is entered on the local device can be intercepted by a malicious actor who gets access to that device. If that is not acceptable for your use-case, consider not using a Firebase SDK for Firestore but using the REST API or gRPC API directly.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Frank van Puffelen |