Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SQL injection in firebase

Firebase is a noSQL database and works differently from SQL, so how we can sanitize the data? For example, i cant seem to find mysqli_real_escape_string command for firebase database even in firebase documentation. Can anyone advice me on this? Would also appreciate if anyone can drop me a forum link about this and etc. Hungry to know about this :> Thanks

like image 552
NoobProgrammer Avatar asked Jan 22 '18 08:01

NoobProgrammer


People also ask

Is SQL injection possible with Firebase?

With Firebase, you don't build a SQL command (or any string command composed of various parts that require escaping) in order to execute a query. Instead, you use an API provided by the SDK, and pass strings that are automatically managed by the API. This means that SQL injection is not an issue here.

Is Firebase SQL or NoSQL?

The Firebase Realtime Database is a cloud-hosted NoSQL database that lets you store and sync data between your users in realtime.

Does Firebase offer SQL database?

Firebase uses NoSQL; MySQL uses SQL. Firebase is horizontally scalable; MySQL is vertically scalable. Firebase uses key-value, wide-column, graph, or document stores; MySQL is table-based.


1 Answers

Firebase Realtime Database (and Firestore) isn't vulnerable to SQL injection attacks.

First, it's helpful to understand what SQL injection attacks are. Please read this article to help with your understanding. Note that with SQL injection, the root problem is that the developer writes code has to build a SQL command to run, and the build (if not performed correctly) can be subtly modified by an attacker to do what they want.

With Firebase, you don't build a SQL command (or any string command composed of various parts that require escaping) in order to execute a query. Instead, you use an API provided by the SDK, and pass strings that are automatically managed by the API. This means that SQL injection is not an issue here. There is no SQL injection because there is no SQL (it's noSQL after all!).

Ensure that end users have no more access to data than they are entitled, you need to use Firebase Authentication and implement security rules that describe who has access to what data.

like image 144
Doug Stevenson Avatar answered Oct 10 '22 19:10

Doug Stevenson