Firebase - Is there a security concern to let clients of the database know the uid of other clients? -
tl;dr: there security concern let clients of database know uid of other clients? example: can auth object created known uid query database user?
i need superusers define default values inside respective node. then, regular users (that belongs superuser "group") can define own values, if there's key that's not defined user, client of user node can fallback superusers default values.
but accomplish it, need users know uid of respective superuser.
a sample database be:
{ "superusers": { "k32kd2dd8f9vf9...": { "key1": "value1", "key2": "value2", "key3": "value3" } }, "users": { "t53ggft56df52g...": { "key2": "myvalue2", "key3": "myvalue3", "superuser": "k32kd2dd8f9vf9..." } } } in case, user "t53ggft56df52g..." defines own values "key2" , "key3", not "key1". so, client reads "t53ggft56df52g..." node can read "superuser" value , fallback "k32kd2dd8f9vf9..." , retrieve default "key1" value.
update
as jay's comment. i, actually, have planned superusers create users. since that's not possible anymore comes mind implement membership request system accomplish similar.
to better explain use case, here's new json example shows actual data need handle:
{ "restaurant_franchise": { "k32kd2dd8f9vf9...": { "info": ..., "menu": { "awesome burguer": { ... }, //recipe, cost, sizes... "amazing burguer": { ... }, "incredible burguer": { ... } }, "members": { "t53ggft56df52g...": true }, "membership_requests": { ... } } }, "restaurant": { // actual establishment "t53ggft56df52g...": { "info": { ... }, "menu": { "amazing burguer": { ... }, //this 1 has less sizes available "incredible burguer": { ... } //this other 1 costs more }, "default_to": "k32kd2dd8f9vf9..." } } } here, client reads menu of "t53ggft56df52g..." can obtain default values missing keys. in case, "awesome burguer" missing restaurant because changes nothing original values defined in "k32kd2dd8f9vf9...".
Comments
Post a Comment