1

I'd like to secure a Firepad. After my research, I discovered https://github.com/firebase/firepad/tree/master/examples/security, which lists some rules in .json for securing a Firepad. I have looked extensively at the Firepad docs, but cannot figure out how to apply the example security rules when initializing a Firepad.

How do you initialize a Firepad using the example security rules embedded in JSON (referred to above)?

EDIT 01: I can see that Firebase lets you configure the rules, I'm interested in finding out how to APPLY these rules. For example, if I initialize a Firepad like this:

var firepadRef = new Firebase('MYURL');
var codeMirror = CodeMirror(document.getElementById('firepad'), { lineWrapping: true });
var firepad = Firepad.fromCodeMirror(firepadRef, codeMirror,
    { richTextShortcuts: true, richTextToolbar: true, defaultText: 'Hello, World!' });

how do I incorporate the rules in JSON? As an option to the Firepad.fromCodeMirror() call? As some sort of parameter to the new Firebase() call?

Ryan Shripat
  • 5,574
  • 6
  • 49
  • 77

1 Answers1

3

If you haven't already, you'll probably want to learn a bit about Firebase, the backend for Firepad. As part of setting up Firepad, you'll create a Firebase account and a Firebase database. The Firebase database lets you configure Security Rules by entering them in the "Security & Rules" tab of your the dashboard (or uploading them via the REST API).

To be clear, the security rules are not set via the code that initializes Firepad, since that is untrusted code running in the browser and so any user of your app could modify it.

Michael Lehenbauer
  • 16,229
  • 1
  • 57
  • 59