[int0x29]

Firebase seems to suffer a similar problem of people not setting permissions right. The only major difference is that they seem to steer devs pretty aggressively to Google auth which won't leak password hashes.

While in theory your API can be the database it seems like a footgun for the inexperienced and AI.

[tonyhart7]

to be fair, Auth and access control is just "hard" problem in general tbh

we have so many data breach because they lack "common basic" security best practices, we aren't talking about state level hacker here

just public bucket storage and so on

[veeti]

AWS also had to add some serious warnings into S3 console to stop people from blowing their foot off with public buckets.