How do I prevent my firebase application from being used on other sites?

2

How do I prevent others from taking this code from my site and using it on others, or how to make it work on mine?

var config = {
      apiKey: 'your-api-key',
      authDomain: 'your-auth-domain',
      databaseURL: 'your-database-url',
      storageBucket: 'your-storage-bucket'
    };
firebase.initializeApp(config);

(edited) Is it possible to have a server only to use this firebase code but to use the application on another site?

    
asked by anonymous 08.07.2016 / 16:08

2 answers

1

The biggest issue at this point is to allow someone who is not authenticated to read / write the information in your database. by default Firebase blocks it.

If you are in Menu -> DataBase -> Rules you will see the following:

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

Thiswayunauthenticateduserscannotconsumeinformation.

Takealookatthis: Firebase Security Quickstart

    
13.07.2016 / 22:15
0

You can obfuscate the code with various obfuscators and JavaScript compressors to prevent the code from being readable or editable, but the more accurate it is to "enforce" the code, which has not yet developed a tool yet. It could basically be made a condition like this to check if the domain of the page is the true one:

var i = location.href.indexOf('//') + 2,
    sub = location.href.substring(i,
                       (location.href.substring(i).indexOf('/') + i) || null
);

sub === "www.example.com" || sub === "example.com";

, which is not enough and difficult to apply multiple times in a project, however.

JScrambler

JScrambler is an online JavaScript obfuscator and has the option to make the script work in a specific domain (it should be very simple in the basic version), which has a old and a new version. The new version is not free and seems like a better base, while the old version is free and has almost no obfuscation feature. I have no way to prove the paid version since I never bought it - it has a demonstration example, luckily.

Thanks to the easy-to-use interpreters in JavaScript, you can create some tool in the future, or near here.

    
09.07.2016 / 01:16