I'm interested in using Firebase (http://ift.tt/1ToGvOa), I've looked at their docs and their JavaScript examples seem to run on the client, am I being really stupid or is that a bad idea?
Like the database feature for example:
function writeUserData(userId, name, email) {
firebase.database().ref('users/' + userId).set({
username: name,
email: email
});
}
Whats to stop someone opening up the console in the browser and putting anything they want in the database, maybe thousands of times?
Also, I spun up a node/express server and managed to get the database functionality working fine on the server, but unfortunately I couldn't for their authentication feature, maybe because it needs to send the token to the client?
Aucun commentaire:
Enregistrer un commentaire