Sowmo0509

Firebase API Key Security Issue – for Custom Sign Up/Login

Hello! Hope you're having a good day.

I was working on a project where I am making a user input form with HTML and JavaScript, but when I inspect it using Google Chrome, the front-end code shows up. All of my Firebase Realtime Database API, key, everything is there, visible.

I was wondering, if I make a login/sign-up page using Firebase and JavaScript, someone will be able to steal this database API and create their own HTML form, submit information and then come back to my site and directly log in with what they have, right?

Is there possibly any way (without the React.js .env method) to prevent users from stealing my Firebase API codes?

Top comments (3)

Sowmo0509 • Edited

Note to self after almost a year:

Use ENV (environment) variables and learn NodeJS and Express.
I have learned Node and Express, so now it's quite simple: just put it inside a .env and work like process.env.apiKeyName, so that's how simple it is. The ENV file cannot be seen because it's processed in the backend via the Node server and boom, you're just fetching stuff without exposing anything.

LaMbA3

I think that APIs are publicly available and that is somewhat okay; that is why there are rules that control access to the database.

Sowmo0509

Hey man! Thanks for your quick response. But, guess, if someone steals my API keys and uses them in their website or something, and they are just letting users randomly spam with data, that's an issue there, right? Or am I just overthinking about it? Need to understand.
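
The access rules mentioned in the comments above, as an added example that is not part of the original thread: a Realtime Database rules file that requires a signed-in user, limits each user to their own data, and validates the shape and size of what is written, so a copied client config on another site cannot read or write freely. The paths `users` and `submissions` and the fields `message` and `createdAt` are hypothetical names chosen for illustration.

```json
{
  "rules": {
    // Weak setting this replaces: ".read": true and ".write": true at the
    // root, which lets anyone holding the public client config read and
    // write the whole database.
    ".read": false,
    ".write": false,

    "users": {
      "$uid": {
        // Only the signed-in owner can read or write their own record.
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid"
      }
    },

    "submissions": {
      "$uid": {
        "$entryId": {
          // Signed-in owner only, and write-once: an existing entry
          // cannot be overwritten or deleted from the client.
          ".write": "auth != null && auth.uid === $uid && !data.exists()",
          // Both fields must be present.
          ".validate": "newData.hasChildren(['message', 'createdAt'])",
          "message": {
            // Bounded string, so a form cannot be used to store bulk data.
            ".validate": "newData.isString() && newData.val().length > 0 && newData.val().length <= 500"
          },
          "createdAt": {
            // Must be the server timestamp, not a client-chosen value.
            ".validate": "newData.val() === now"
          },
          // Any field not listed above is rejected.
          "$other": { ".validate": false }
        }
      }
    }
  }
}
```

These rules are evaluated by Firebase on the server side for every request, whichever page or script sends it.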