Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] - all users have write permissions to firebase storage #28

Open
zvikarp opened this issue May 2, 2019 · 0 comments
Open

[BUG] - all users have write permissions to firebase storage #28

zvikarp opened this issue May 2, 2019 · 0 comments
Labels
available task waiting for a contributor to start working on this task bug Something isn't working security issue
Milestone
version 1.0.0

Comments

@zvikarp
Copy link
Owner

zvikarp commented May 2, 2019

The bug
Well apparently firebase storage ruls can't use firestore, therefore the write access to storage can't be dependent on user role. This is no good.

How to fix

  1. don't give anyone permissions to write to firebase storage.
  2. instead of admins saving to storage, they run a firebase function that saves the image, can we pass a image to functions? good question.
  3. thte connection between the app and firebase functions should use a token, as explain here [BUG] - Security issue with using firebase functions #27.
@zvikarp zvikarp added bug Something isn't working available task waiting for a contributor to start working on this task security issue labels May 2, 2019
@zvikarp zvikarp added this to the version 1.0.0 milestone May 2, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
available task waiting for a contributor to start working on this task bug Something isn't working security issue
Projects
None yet
Milestone
version 1.0.0
Development

No branches or pull requests
1 participant
@zvikarp