I have a java client (Standalone app) that is using the Firebase Admin SDK, because I need to read values from the Realtime database whenever a value is changed. (A ValueChange listener is being used).
Currently I'm including the service-account.json in the app. Even if I set the roles to Viewer, using this service-account.json, I can create accounts usingFirebaseAuth.createCustomTokenAsync, which is something I dont want.
Is there a way to make a service-account with Realtime-database read only?
I know I can use setDatabaseAuthVariableOverride to "limit", but if someone extracts my service-account.json from the app/jar, they have the power to do everything..
I'm not using node.js, just Java with spring. And js firebase is a no, because I need to receive updates even without a web page.
Never distribute service accounts to end users. They should only go to trusted parties.
There is currently no fine-grained way to control access to Realtime Database via service accounts. Access control is performed via Firebase Authentication client libraries, which are not available for non-Android Java clients.
Related
I am planning to make a software which requires two or more databases to be in sync with a main server database ( located on a web server ). Suppose one user have installed my software on more than one computers. Suppose he updates some info on PC-1 then the change should be locally updated and if he is connected with the internet, it should get in sync with the main web server. When he opens the software on PC-2, latest into must be shown there ( assuming he is connected with the internet ).
Now suppose both PC-1 and PC-2 have same data, and both are offline. User deletes the data from PC-1 but don't deletes it from PC-2 ( he assumes it'll get managed automatically ), now when both of the systems go online, the record must be deleted from PC-2 too.
Basically, I am trying to find the database which was most recently updated or modified and sync it with the main database ( on the server ). How can I do it ?
It sounds like you want to synchronize some user data whenever the users or application becomes "online" again.
A couple of suitable services are:
Amazon Cognito Sync is an AWS service and client library that enables cross-device syncing of application-related user data. You can use it to synchronize user profile data across mobile devices and the web without requiring your own backend. The client libraries cache data locally so your app can read and write data regardless of device connectivity status. When the device is online, you can synchronize data, and if you set up push sync, notify other devices immediately that an update is available.
AWS AppSync enables developers to interact with their data by using a managed GraphQL service. GraphQL offers many benefits over traditional gateways, encourages declarative coding style, and works seamlessly with modern tools and frameworks, including React, React Native, iOS, and Android. GraphQL is a data language that was developed to enable apps to fetch data from servers. It has a declarative, self-documenting style. In a GraphQL operation, the client specifies how to structure the data when it is returned by the server. This makes it possible for the client to query only for the data it needs, in the format that it needs it in.
I have a javafx app that i created and it makes calls to the mysql database. Unfortunately the database username and password is viewable if you view the jar files. Is there a way to have the javafx app connect to a PHP file on my web host server to manage these database calls and database connection so I do not need to store the creds client side? Or is there a better way to handle this server side? Maybe an API?
Uploaded picture of what I mean
The first thing you should determine is the data that you want to read/write using your java application. Only that data that it needs.
The second is why do you beware of revealing storage access credentials? Is it because of data that shouldn't be visible from the java application?
If an application has access to data hance the owner of the application has access to data. No other options here. The only thing you can do here is to restrict access for each application to its data. It means that each application should have its own credentials which give access to that application's data.
It doesn't matter if you use either MySQL direct connection or API. In both cases, you have some access credentials (DB login+password or API token) or don't have credentials at all but the last one means everyone will have access.
The company that I work for has some small android applications running that communicate with their ERP software lately they requested to authenticate users and have sessions for safety reasons
Instead of integrating the autheticate and session code into every app (6) I want to build an Android app that acts like a dashboard. The app will authenticate the user, create a session and show the available apps on the device that the user can access with their user role.
The problem is I need the know which app requires which user role
I don't want to store this information in the dashboard app sinds that will require me to update the dashboard app each time i create or change an app
I was thinking or using an Content provider but that seems to be a lot of work and redundant since it has to be integrated into every app that I have (6)
So my question, is there a way to get data from apps that can easily be implemented. The data isn't big (only one Integer)
thanks in advance.
I'm developing a game in Java and I need need store and get data from mysql database.
Currently I have login credentials saved in my Java app source codes and I'm using some library for the communication. But I think that this is a really unsecured way cause of credentials saved in the Java file.
I was wondering what if I do it through some server side PHP scripts which would just get some information and do what is necessary. But again somebody can get that link and do some evil.
I also thought about creating a new database and mysql user for each user registered. So there would be central database where would be just informations for game and it would be read only. So no security problems. And user informations would be saved in his own database and only he would have login for it. But I see one problem, what if I'll need get some information from another user?
So I was wondering what is the best way to keep it simple and secured?
Define a set of services (RESTful will be good) in server side (through PHP or Java or another programming language) that communicates with the datasource (MySQL or another). Then, from your client, consume these services. Now, you can assure the client and server points for communication like authentication and authorization to consume the services, you can use OAuth for this.
also thought about creating a new database and mysql user for each user registered. So there would be central database where would be just informations for game and it would be read only. So no security problems. And user informations would be saved in his own database and only he would have login for it
This is a no go. Since it's a game, you will have to maintain a single database per user. It's highly costly and you will have more problems than just retrieving the data from another user.
I'm developing an android application and i have integrated Linkedin into my app for authentication by using this link
http://www.theappguruz.com/blog/android-linkedin-connectivity-code-sample/.
I want to know user's connections(friends/associates) in Linkedin who have installed my app i,e user's Linkedin connections who have downloaded my app.Is there any way to achieve this?
Thanks in advance for any help
I believe most of the time this task is done on the application side from scratch (It was called autodiscovery in our project).
So basically what you need is connection management for the User. Simplest possible solutions:
App based User connection management.
In this case you need to have some distributed Key-Value store available to your Android application (Some Redis host for example).
The simplest workflow in this case
Populate key-value - like linkedIn_ID -> your_application_id on LinkedIn API authorisation.
Find connected users for your Application, querying by connection LinkedIn_ID.
Server based User connection management
The same thing, but introducing separate API on your server.
In both cases, take in consideration new connections, that might appear after some time.