Okay, I'm going to investigate more today; will keep this thread posted with my findings.
I'm new to Firebase and have been loving it so far. But the way the Google team has designed storage (if I'm understanding it correctly) is honestly baffling to me. Generally, to my knowledge at least, a good platform will provide three ways to access storage:
Public short link (like youtu.be/*** or bit.ly/** links). Nice, short, shareable.
Super-long "unguessable" link. Public but only if shared ad-hoc. So effectively, private (kinda).
Actually-secure. Every single access of the protected asset requires an authentication/authorization check.
The fact that Firebase (again, if I'm understanding it correctly) only offers "security through obfuscation" (option 2) as its most easy-to-implement approach is bizarre to me and honestly not very secure (IMHO). I'll dig into it more today though; thanks! ๐
For further actions, you may consider blocking this person and/or reporting abuse
We're a blogging-forward open source social network where we learn from one another
Got it! Thanks, David, for your quick reply! ๐
Okay, I'm going to investigate more today; will keep this thread posted with my findings.
I'm new to Firebase and have been loving it so far. But the way the Google team has designed storage (if I'm understanding it correctly) is honestly baffling to me. Generally, to my knowledge at least, a good platform will provide three ways to access storage:
Public short link (like youtu.be/*** or bit.ly/** links). Nice, short, shareable.
Super-long "unguessable" link. Public but only if shared ad-hoc. So effectively, private (kinda).
Actually-secure. Every single access of the protected asset requires an authentication/authorization check.
The fact that Firebase (again, if I'm understanding it correctly) only offers "security through obfuscation" (option 2) as its most easy-to-implement approach is bizarre to me and honestly not very secure (IMHO). I'll dig into it more today though; thanks! ๐