Investigating Firebase Authentication Process & Security Rules #30

Open
ojimba01 opened this issue May 16, 2023 · 0 comments
Labels: documentation (Improvements or additions to documentation), enhancement (New feature or request), help wanted (Extra attention is needed), medium priority (Feature/Update should be handled soon), New Feature (New components added)

ojimba01 commented May 16, 2023

Description

As part of our ongoing efforts to enhance the security and functionality of our Firebase Realtime Databases (RTDB), we are seeking a volunteer to investigate and potentially modify our existing Firebase security rules. We are planning to handle user authentication in the near future, and we need to prepare our security rules accordingly.
https://firebase.google.com/docs/auth/admin/manage-users#python

Details
This task involves two parts:

  1. Investigating and Modifying Current Security Rules:

Our current security rules for our water resources need to be rechecked and possibly modified. The databases in focus are:

  • phlask-web-map-prod-water-live
  • phlask-web-map-beta-water-live
  • phlask-web-map-test-water-live

Note: We intend to drop the $id requirements for reading and writing to our DBs for complexity purposes.

Note: We are choosing to focus on the water resource first, and then once things are flush and documented we will work on the other resources.

  2. User Authentication Research:
    We are planning to handle 5-10 users for Phlask. This means we need to configure our security rules to handle authentication, allowing only authenticated users to read and write data to our databases. Some questions to answer during this investigation include:
  • How can we ensure that only authenticated users can write data to our databases?
  • Can we assign different user roles (admin, standard user, guest) with Firebase's authentication system?
  • How can we securely store user data in Firebase?
  • How would user authentication impact our current data schemas?
  • How can we migrate existing data if we integrate user authentication?
  • What are the potential security risks of integrating user authentication and how can these be mitigated?
  • Can we implement a password reset feature for users?
  • What would be the process to suspend or deactivate a user's access?

Resources:

Please report your findings and any recommendations for changes to our current system. Your insights will play a crucial role in the improvement of our security practices and the expansion of our user base. Remember to keep all information confidential and secure during this process.

Please feel free to reach out if you need further clarification or guidance. We appreciate your contributions to Phlask!

@ojimba01 ojimba01 added documentation Improvements or additions to documentation enhancement New feature or request help wanted Extra attention is needed New Feature New components added medium priority Feature/Update should be handled soon labels May 17, 2023