hisaac.net

Solo Project Day Four: Too Big for my Britches

Today was a tough day actually. I started to get hung up on some bigger issues than I need to worry about at this stage. Contemplating user security is new to me, and something that I began to worry a lot about. When a user logs into my app using Firebase, my app gets sent that user’s key and their secret. These are essentially their username and password, but they are specific to my app, and requre my apps key and secret as well to be used in any way. This means that even if someone were to steal a user’s key and secret, they wouldn’t be able to do anything with them unless they had also stolen my app’s key and secret.

So this provides a good level of security, but my question was whether or not it’s good practice to store the user’s key and secret on my server. It seems like it would be secure enough, but secure enough doesn’t really seem like good practice these days. For now, I’m going to not store the key and secret anywhere, and only hold while the user is currently using the app. I plan to do more research on it later.

Things Done

Today’s Research

Notice a typo, or have a comment or question? Feel free to Send me an email, or edit this entry on GitHub.