It’s not about keys or modes, it’s about the rules they didn’t set up. Everyone uses firebase like that. Those “keys” are required to allow you to connect to the correct firebase app, nothing more. You don’t get any direct special permission to do things on the database or storage.
Here some more info about the rules: https://firebase.google.com/docs/database/security
Firebase keys give you access to the database, which can be public. You just have to setup rules for the database, usually so users have to be authenticated to view anything and can only read their own private info.
edit: just realized you may have just been asking about hiding keys in general. Sorry if this wasn't what you were asking about!
> Don’t put your API keys, Tokens and Secrets visible easily
I was just confused at this part because permission & rules are the solution as far as I know.
Thanks for the reply though :)
I'm prettry sure now that exposing keys are no problem.
Well, the trick is that using a KeyStore ensures that the key doesn't leak into the application (but is only used for cryptographic operations in a trusted environment).
However, you would need the plain key to authenticate against the database so using this wouldn't work.
Read-only access through intermediate proxy that you control (but not to all data like here) + login required for more access (via intermediate proxy or direct).
The article seems written much easier to follow than PintOS manual. Could anyone tell me how much writing OS became enjoyable by adopting Rust? Dealing with a excessive amount of unsafe pointers was really a pain in my memory.
