'Is it safe to use uid to store data in firebase database? [duplicate]
I plan on creating an application on flutter that uses firebase auth and cloud firestore. My plan is to create a user and the use the user's uid(iser id) to store and modify data in the database. So a specific id refers to a specific user. I wanted to know if it is safe to directly save the user id in the flutter app after the user login because if someone were to somehow get access to the user id they would have access to their data in the database.
Solution 1:[1]
Would advise to use your custom ID along side with UID. When your app grows, you don't want to be sharing the UID or passing it around. Also while setting firebase rules, you'll be referring to UIDs, which should be kept private.
generate a random string for the ID.
And for sensitive user data, set a rule in firestore, to only allow reading of the document if request.auth.uid == user.uid
. This will prevent unwanted access. Read up a bit more on firestore rules, might be relevant for your use case.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Huthaifa Muayyad |