Comments (2)
If you could confirm that my understanding is right, I can give you a Pull Request which allows the use of a token without using the secret.
from python-firebase.
Got this back from the firebase guys, so I guess this is apparently OK as long as your server is trusted.
"It's fine (and expected) to use your Firebase Secret in your trusted server code. You just shouldn't put it anywhere that gets sent to the user (in your html / javascript, in a mobile app, etc.).
It's not as applicable to the python client, since most of the code you write in python is probably trusted server code, so it's fine to include the secret. But for our other token generators (java, javascript, etc.) we've had issues with people accidentally leaking their secret by improperly using it in code that gets sent to their users."
But I still don't like the idea :) So I've made a couple of mods to your code which allow me to use a more fine-grained role-specific token-based approach. I'll send in a Pull Request with the changes.
from python-firebase.
Related Issues (20)
- get() param=None
- SyntaxError: invalid syntax HOT 10
- HTTPError: 400 Client Error: Bad Request for url: https://app.firebaseio.com/essential/activepassive.json
- AssertionError: daemonic processes are not allowed to have children
- How can I use phone auth?
- Missing dependencies HOT 3
- 'module' object is not callable HOT 2
- Could not install packages due to an EnvironmentError: 403 Client Error HOT 2
- merhaba özgur bey
- Giving an error saying "snapshot must be specified" when calling the firebase.get() function. HOT 2
- Any updates on the repo? HOT 2
- Noob question: FirebaseAuthentication unable to be imported HOT 2
- Custom timeout throwing TypeError
- Firebase with Kivy HOT 1
- ImportError: No module named firebase HOT 6
- firebase update the values of Unique key id Dynamically,how can i do this result7=firebase7.put('Attendance/LYGalsOeJG-7IgxYkV3' ,'CheckOutTime' ,time2) print(result7) while k=LYGalsOeJG-7IgxYkV3
- Un Authorized Because Token Generator HOT 2
- Push to pypi the updated version HOT 3
- Dealing with %20 in a key
- I cant authenticate HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from python-firebase.