I had trouble finding this part inside of the firebase reference.
The question is: How can I make an account creation procedure, which only allows to do so if a certain hidden condition ( which is placed on the database ) is true. I have concern that somehow, by cross site scripting, anyone could create an account.
It should look something like this: if[hiddenDatabaseValue=true][accountCreation is possible] :)
Right now, anyone could just grab the code and create an account within minutes. But if I could have a secret code, which only the current browser knows, and the account creation algorithm would check for this code in the database for (true) and then allow the creation of an account.
Please be sure that your solution is protected against XSS injections. Anyone who knows the Auth methods could play with it. I want to restrict it by this factor.
Aucun commentaire:
Enregistrer un commentaire