Firebase: Using auth.uid as a userId - that's bad right?

Asked Nov 05 '15 at 06:29

Active Nov 05 '15 at 06:29

Viewed 980 times

Tools: Firebase

Issue: Security with completely client-side code and exposing unique Ids

I've been really scratching my head on how to create a system to uniquely Id a user for basic user-user interactions.

Common examples - direct messaging a friend, adding a new contact ect...

There has to be a unique id being passed out to clients in order to establish those types of connections

The reason I am so tripped up is because in my mind I'm not suppose to be exposing any users uids(for security reasons it seems sketchy) and therefore I would need to give a user multiple unique ids( one for a group, or for each connection,ect).

So am I wrong and I can use the uid so long as I set up security rules? I'm sure there has to be be a super simple answer to this one.

asked Nov 05 '15 at 06:29

Nick Pineda

6,354
11
46
66

3

I recently answered a very similar question here: http://stackoverflow.com/questions/33342681/firebase-uid-as-qr-code-tag/33347706#33347706 – Frank van Puffelen Nov 05 '15 at 14:38
@FrankvanPuffelen yea that answer helped a lot! So it's logically to use that to identify the user in order to pass them messages or resources? – Nick Pineda Nov 05 '15 at 20:57
1

Yup, uids are used everywhere to identify users. – Frank van Puffelen Nov 05 '15 at 21:14
@FrankvanPuffelen thanks a million you are always suuuper helpful! – Nick Pineda Nov 05 '15 at 22:06
6

Possible duplicate of [Is it safe to use Firebase UID as QR code tag?](https://stackoverflow.com/questions/33342681/is-it-safe-to-use-firebase-uid-as-qr-code-tag) – M at Nov 25 '17 at 20:01

Firebase: Using auth.uid as a userId - that's bad right?

0 Answers0