|
|
|
|
|
|
by jakobegger
2919 days ago
|
|
|
Yes, this is a problem on Firebase side. If your software can be configured in an insecure manner, that's what people will do. There are so many developers out there that every possible mistake will be made. The easier the mistake is to make, the more common it will be. If the mistake requires the developer to perform an action to avoid it, it will be ubiquitous. In 2018, security can no longer be an afterthought. Your product must be secure out of the box. Insecure configurations must be hard or impossible to set up. You can't offer an insecure "development mode", because that is what people will use in production. (PS: Of course it is also the developers fault. But that is no excuse for the vendor. There are lots of incompetent developers out there. Confused developers are not an exception. Your product must be secure even if people don't read the documentation) |
|
|