[notoverthere]

I tend to agree with this. Why re-invent the wheel by spending engineering effort building a CRUD backend?

If you're trying to bring value to market, focus on your core differentiator and use existing tooling for your boilerplate stuff.

[serial_dev]

It’s the “chrome replacement we have been waiting for”, but (if I read this right), my data is still sent to Firebase? Also it’s a browser, not a “tinder but for cats” startup idea I’m writing for my cousin for a beer.

It’s not only not a smart engineering decision, it’s also a terrible product, reputation and marketing decision.

[notoverthere]

I'm not disagreeing about the severity of the security vulnerability that has been uncovered – to be clear, it's an absolute shocker of a bug. It's really disappointing to see.

But I still disagree that the use of Firebase, in and of itself, is a bad engineering decision. It's just a tool, and it's up to you how you use it.

Firebase gives you all features needed to secure your backend. But if you configure it incorrectly, then _that's_ where the poor engineering comes into play. It should have been tested more comprehensively.

Sure. You could build your own backend rather than using a Backend-as-a-Service platform. But for what gain? If you don't test it properly, you'll still be at risk of security holes.

[shermantanktop]

> a “tinder but for cats” startup idea

Needs a name. Meowr? Hissr?

[duskwuff]

Yowlr. (Which is apparently a dubstep musician.)

[nosioptar]

(Dubstep isn't music.)

My cats would use Yowlr.