|
|
|
|
|
|
by dyates
1748 days ago
|
|
|
I've seen a fair bit of this with Firebase apps, where devs don't write enough rules, or have collections that mix non-sensitive and sensitive fields. It's tricky, because the whole query-the-database-from-JavaScript model causes your app to fail open. I wrote a tool that acts as a generic Firebase datastore client to help find these sorts of flaws.[1] [1]: https://github.com/iosiro/baserunner |
|
|