After excessive procrastination, I decided to improve my developer portfolio by building real-world projects that stand out from the job-hunting po...
Incredibly detailed post! Kudos on this! Another alternative to email or to include in email is a ticket created using Vercel’s Image Generation.
Also a chef’s kiss would’ve been to frame the screenshots included in this post. I’ve created a simple OSS tool for this. Check it out and let me know what you think.
github.com/ekqt/screenshot
Sure, thank you, Hector!
Great and detailed explanation ✨
Thank you, Ron 🔥
Just what I needed. Saved for tonight’s session.
Awesome, 💪
Nice Article and well written! Thanks for sharing
Glad you enjoyed reading it, Femi!
Great article and interesting idea for a project!
Thank you, Oleg! 🙂
Awesome article!
Thank you, Avi! 😍
great article
Thank you, Dami 💪
Thank you, Abdullah
Thank you for this detailed post. For me, as a mostly BE developer, it was impressive to see what is possible to do with Firebase. For me, as a person also interested a bit in security, I had to give it a spin and see if I can manipulate others' events. Took some searching, but it does work.
By changing a query in the browser's dev tools
I was able to see all events (excluding my own in this case)
I was also able to delete an event created by a second user I've registered.
Any idea how to prevent such attacks in your app?
Wow, this is new to me. I don't have any idea about this at the moment.
But I will do some research; maybe it's from my end or Firebase.
Thank you for pointing it out, Martin.🫡
I'm curious what you find.
Maybe explaining how this came to my mind helps in figuring out how to prevent such attacks.
Seeing the listing to get all events by a user from Firebase triggered me to try and modify the query. I was aiming for changing the network request directly but could not figure this out. Then I took a look at the source code in the developer tools, and after some searching and debugging I found the correct place to edit the query in code while debugging.
Have a look here 😉
THANK YOU SO MUCH :)
How do you handle concurrent users?