When implementing Firebase in Python, I think we will use the json file as a private key as follows:
If you decide to exe and distribute the Python file, you will probably end up distributing the json file as well.
In that case, will there be any security problems?
import firebase_admin
from firebase_admin import credentials
from firebase_admin import db
cred=credentials.Certificate('path/to/serviceAccountKey.json')
firebase_admin.initialize_app(cred)
By default, JSON in a service account should not be touched by a limited number of service administrators, depending on the distribution target.
Since the method of questioning allows distributors to pretend to be service accounts, distributing them to the public on the Internet can be a high-emergency security incident.
If you want your client to authenticate securely, you should use the language that the official SDK supports, or if you want to do so with Python, you should have a server to authenticate users and mediate the exchange of Firebase data
© 2024 OneMinuteCode. All rights reserved.