Best Practice For Storing Firestore Data Model
When using Firestore and Android, if we want to store the data model in one place, we can store it:
<string name="collection_users">users</string>
<string name="user_first_name">first</string>
<string name="user_last_name">last</string>
<string name="user_year_birth">born</string>
Or directly in Java:
public static final String COLLECTION_USERS = "users";
public static final String FIELD_FIRST_NAME = "first";
public static final String FIELD_LAST_NAME = "last";
public static final String FIELD_YEAR_BIRTH = "born";
However, in both cases, we expose the entire data model of the DB in the client code, making the job of attackers easier in case they somehow get their hands on the source code of the app. Is there any good practice or suggested approach to minimize the exposure of the structure of the DB in the client code, when using a No-SQL DB such as Firestore?
Is there any good practice or suggested approach to minimize the exposure of the structure of the DB when using a No-SQL DB such as Firestore?
Sure there is: use Firestore security rules, so you can secure your database according to your needs. For that, I recommend you read the official documentation regarding getting started with Cloud Firestore Security Rules.
Security rules provide access control and data validation in a simple yet expressive format. To build user-based and role-based access systems that keep your users' data safe, you need to use Firebase Authentication with Cloud Firestore Security Rules.
Since exposing the database structure cannot be prevented, the names of the collections/documents should explicitly exist in your code so you can use them in your references. But this won't be a problem as long as you secure your database correctly. Moving some logic (when possible) server side will be a good option.
You can also try to store those names in a local database if you want and encrypt them, but in my opinion there is no benefit in doing this. It's up to you to choose if you need some kind of encryption or not.
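A sketch of what such rules could look like for the users collection and the first, last and born fields from the question. This is an added example, not part of the original answer. It assumes each document ID in users is the owner's Firebase Authentication UID, and the length and year limits are illustrative values.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumption: /users/{userId} is keyed by the Firebase Auth UID of its owner.
    match /users/{userId} {

      // True only for a signed-in caller whose UID matches the document ID.
      function isOwner() {
        return request.auth != null && request.auth.uid == userId;
      }

      // Data validation: exactly the three known fields, with expected types.
      // The size and range limits are illustrative, not from the question.
      function validUser(data) {
        return data.keys().hasAll(['first', 'last', 'born'])
          && data.keys().hasOnly(['first', 'last', 'born'])
          && data.first is string && data.first.size() > 0 && data.first.size() <= 100
          && data.last is string && data.last.size() > 0 && data.last.size() <= 100
          && data.born is int && data.born >= 1900 && data.born <= 2100;
      }

      // Single-document reads only; no "list" rule, so the collection
      // cannot be enumerated even by a signed-in user.
      allow get: if isOwner();

      // Writes must come from the owner and pass validation.
      allow create, update: if isOwner() && validUser(request.resource.data);
      allow delete: if isOwner();
    }

    // No other match blocks: every path not matched above is denied by default.
  }
}
```

With rules like these, knowing the collection and field names from the decompiled app does not let a caller read or write another user's document, because every request is checked against request.auth on the server.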