by joshdavham 459 days ago
Slightly tangential: I'm currently working on a web app that uses Firebase and I'd like to potentially open source it in the future.

Given all these recent articles where people have been finding vulnerabilities in Firebase apps, should I be careful to open source it? The data in my app isn't super sensitive (e.g., social security or bank info), but does contain PII like names, emails, passwords.

1 comment

You should triple-check the configs for your Firebase instance and make sure you understand all the security implications.

If you release the app as open-source, make sure you remove references to your specific Firebase instance.

I'll also say that the app being open-source isn't the problem. As you can see from the blog post, there's a LOT you can do just from looking at the frontend code delivered to your browser.
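
An added example, not part of the thread or the commenter's own code: a pre-release check that scans a checkout for hard-coded references to one specific Firebase project, which is what the reply suggests removing before open-sourcing. The placeholder convention (`YOUR_...`, `<...>`, `${...}`), the skipped directories and the sample config values are assumptions constructed for illustration.

```python
import os
import re

# Values that tie a code base to one specific Firebase project.
PATTERNS = {
    "api-key": re.compile(r"AIza[0-9A-Za-z_-]{35}"),
    "project-host": re.compile(
        r"\b[a-z0-9-]+\.(?:firebaseio\.com|firebaseapp\.com|appspot\.com|web\.app)\b"),
    "config-field": re.compile(
        r"\b(?:projectId|messagingSenderId|appId|measurementId)\b"
        r"[\"']?\s*[:=]\s*[\"']([^\"']+)[\"']"),
}
# Template values that are safe to publish (assumed naming convention).
PLACEHOLDER = re.compile(r"(?:YOUR[_-]|<|\$\{|example)", re.IGNORECASE)


def scan_text(text):
    """Return sorted (line_number, kind, value) for each hard-coded reference."""
    findings = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                # Use the captured value when the pattern has a group.
                value = m.group(m.lastindex or 0)
                if not PLACEHOLDER.match(value):
                    findings.add((lineno, kind, value))
    return sorted(findings)


def scan_tree(root):
    """Walk a checkout and yield (path, line_number, kind, value)."""
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune VCS metadata and vendored packages in place.
        dirnames[:] = [d for d in dirnames if d not in {".git", "node_modules"}]
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="ignore") as fh:
                for lineno, kind, value in scan_text(fh.read()):
                    yield path, lineno, kind, value


# Constructed sample; none of these values belong to a real project.
SAMPLE = '''const firebaseConfig = {
  apiKey: "AIzaSyA-CONSTRUCTED-sample-key-00000000",
  authDomain: "demo-app-12345.firebaseapp.com",
  projectId: "demo-app-12345",
  appId: "YOUR_APP_ID",
};'''

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(finding)
```

Run `scan_tree` over the working tree and over any history you intend to publish, since values removed in a later commit still exist in earlier ones.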