This question already has answers here:
How do you prevent duplicate user properties in Firebase?
(2 answers)
Closed 5 years ago.
I have been making mobile application for iOS and Android platforms and want to prevent this duplicate entries which the apps make. I don't want to this on app side as I'll have to do it on both the platforms.
Then I heard about the rules in the Firebase Database section and I tried couple of them but didn't work out for me.
Please help me with the firebase rules.
If you use Cloud Firestore, you may prevent double record something like this rule, but honestly I did not test it. I wrote it just from Firebase documents :
service cloud.firestore {
match /databases/{database}/documents {
// Checks name is not the same as resource and request data
match /Dealers/{dealer} {
allow write: if request.resource.data.name != resource.data.name;
}
}
}
for more information, check this
Related
This question already has answers here:
Can someone please explain to me why we need Firebase security rules when I can literally write rules in my client code?
(1 answer)
Is it safe to expose Firebase apiKey to the public?
(10 answers)
Closed 14 days ago.
This post was edited and submitted for review 14 days ago.
Quick question: I am creating a blogging site with Firebase and it wants me to set up safe rules everytime. As long as people cannot get info from database, because they cannot call get() and set() functions from debug console, why do i need rules? Can they get my credentials and use it in another app and how can i prevent it with rules? Thanks by now!
My Current Rules:
{
"rules": {
".write": true,
".read": true
}
}
This question already has an answer here:
How do I setup firebase realtime DB triggers for multiple databases using cloud functions?
(1 answer)
Closed 1 year ago.
I've two apps, same logic, but differents database.
On app 1, I use database-1, for app 2, I use database-2.
On my first app, I've deployed a onWrite functions, that's works well. The function is trigged and everything works well.
Now I want to deploy the same function, on the same project but with different database, it's that possible?
functions.database.instance('database-2').ref('/foo/bar')
According to docs, you can specify a Realtime Database instance with instance('INSTANCE_NAME').
This question already has answers here:
Secure keys in iOS App scenario, is it safe?
(3 answers)
Closed 3 years ago.
I am working on a simple iOS app in Swift that uses an API that I pay for. I do not have a ton of resources and have yet to find a simple/up to date solution to this issue. I want to protect my API key and not put the key directly in my code where I make requests (I have heard this is best practice).
What would be the simplest way to protect my API key from someone taking apart my code and using it.
I've heard something about using Keychain but I'm unsure if this is the best route.
class APIService {
static let shared = APIService()
private let token = "(my token goes here)"
//...various API request functions
}
There is no easy way, nor is there a way to completely protect them from attackers. You can always do some simple key obfuscation or store them in a server but if a hacker can reverse-engineer your code they can likely reverse-engineer your obfuscation.
It'd be good to develop safety measures to take if someone does get your keys (database backups, etc.. ).
This link helped me when I was originally looking into this topic for one of my apps.
NSUserDefaults:
NSUserDefaults is simple and effective for saving small datas like NSNumbers or NSStrings, or even saving remember me option for saving ur state of UserName. NSUserDefaults is no way stored securely as it's easily gets Hacked.
KeyChain:
Best place to save tokens, api keys. Find the below apple documentation which describes more,
**βAn encrypted container that securely stores small chunks of data on behalf of apps and secure services.β "Simply a database stored in the file system.β**
KeyChain Documentation
And here is the example of Swift Version with simple way to store and retrieve data using KeyChain
https://stackoverflow.com/a/37539998/1244403
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
Firebase is configured in APPDelegate.
Read is set to .true in rules.
But, before I have a user sign into my application, I am checking for usernames, within a separate table of my Firebase DB. It would skip the observation block entirely, until I forced signed-in into another already created account of mine. And then when I would re-build the application the block is no longer skipped and actually accesses the table.
How do I "Wake Up" Firebase when I run the app on a fresh device, so I can check for usernames without having to log onto the app with an existing account before hand?
You may want to reconsider how the app is structured.
If you are checking for usernames before being authenticated that means the node is exposed and anyone can grab a copy of all the usernames. Obviously that in itself may not be a huge issue but if your users decide to use an email, whoever grabs the list has a instant list they can spam to.
When you add any observer to a node, that node is read once as soon as the observer is added. When you app starts you can use .childAdded to iterate over an existing node to pre-load some data, a grocery list for example, and then any new grociees added after that will be sent your your app via an event.
Likewise a .value event will read in an entire node and leave an observer attached for any future events.
The username issue is tricky and the way you are doing is now is probably going to get you in trouble in the long run.
A better way is to leverage Firebase Authentication.
Firebase handles all of the usernames and passwords for you. It's very powerful and flexible and avoids the issues you are encountering. It will let you know if user names exist or not, it will do password reset emails and you can manage users from the Firebase Console. It's the way to go.
If you want to add username functionality it can be pretty easily done by adding a username or nickname node to the /users node
/users
uid_0
email: "bill#email.com"
username: "bill_the_cat"
uid_1
email: "clark#email.com"
username: "superman"
Once the user authenticates using Firebase Authentication, from there forward any time the user info needs to be displayed in the app, simply look up the uid that you need (uid_1) and grab the username node (superman) for display.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I'm new to iOS and have just started leaning it. I want to develop a small app for bus passengers where-in all users in the bus must login using the app.
If user is using the app for 1st time, he must sign up . User must enter all details like Name,Age,Emergency Contact,Address,Source,Destination,Phone number etc.
If user already exist, then login with existing user name and password.
All details must be stored somewhere (not sure) and retrievable format.
Here comes all my question and doubts based on above app requirements :
do i need to follow client-server architecture ?(mobile app being client )
where all user details will be stored ( on mobile or server )
when user tries to login, how check if user already exists or not ?
if any communication protocol to be used for mobile app communication then which will be good considering the performance of app should be fast.
mobiles internet data should be available ?
which database to use to store user details ?
considering all above things i need to design my app.
thanks
I will try to give some points to start from.
1) I think yes (its really depends what you want to achive but if you only want to get/pos resources to/from server, http request should be enough to start from).
2,6) Depends which details.
For simple details which no need in protection NSUserDefaults Sqlite or Core data can fit. (also there are some nice wrappers for them for instance TMcache, you will need to investigate it).
If you need to save private details you will probably need to use keychain.(honestly I would avoid saving important details on the device everything can be hacked so try to limit it).
3) One of the common ways which come to my mind is to check in run time if the user already logged in is by saving login status in NSUserdeFaults and check it in - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions. If you need to check Existence of user in your system than probably some server help will be need.
4) Please refer to apple Docummentation NSURLSession should fit.Also AFNetworking is really good library.
Edit:
5) Usually IOS will use Current Internet Connection which is available and more efficient for the system it will start with WIFI then CellularData (Check Reachability for testing availability of internet connection its also included in AFNetworking library) .
-All those questions/answers can be found on stack.Hope I helped.
List of common IOS frameworks