Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SQL injection in firebase

Tags:

firebase

firebase-realtime-database

Firebase is a noSQL database and works differently from SQL, so how we can sanitize the data? For example, i cant seem to find mysqli_real_escape_string command for firebase database even in firebase documentation. Can anyone advice me on this? Would also appreciate if anyone can drop me a forum link about this and etc. Hungry to know about this :> Thanks

like image 552
NoobProgrammer Avatar asked Jan 22 '18 08:01

NoobProgrammer

People also ask

Is SQL injection possible with Firebase?

With Firebase, you don't build a SQL command (or any string command composed of various parts that require escaping) in order to execute a query. Instead, you use an API provided by the SDK, and pass strings that are automatically managed by the API. This means that SQL injection is not an issue here.

Is Firebase SQL or NoSQL?

The Firebase Realtime Database is a cloud-hosted NoSQL database that lets you store and sync data between your users in realtime.

Does Firebase offer SQL database?

Firebase uses NoSQL; MySQL uses SQL. Firebase is horizontally scalable; MySQL is vertically scalable. Firebase uses key-value, wide-column, graph, or document stores; MySQL is table-based.

1 Answers

Firebase Realtime Database (and Firestore) isn't vulnerable to SQL injection attacks.

First, it's helpful to understand what SQL injection attacks are. Please read this article to help with your understanding. Note that with SQL injection, the root problem is that the developer writes code has to build a SQL command to run, and the build (if not performed correctly) can be subtly modified by an attacker to do what they want.

With Firebase, you don't build a SQL command (or any string command composed of various parts that require escaping) in order to execute a query. Instead, you use an API provided by the SDK, and pass strings that are automatically managed by the API. This means that SQL injection is not an issue here. There is no SQL injection because there is no SQL (it's noSQL after all!).

Ensure that end users have no more access to data than they are entitled, you need to use Firebase Authentication and implement security rules that describe who has access to what data.

like image 144
Doug Stevenson Avatar answered Oct 10 '22 19:10

Doug Stevenson
Sign in to Comment

Related questions

How to decrypt Firebase requests to app-measurement.com
Problems with Firebase and SwiftUI Live Previews
Firebase multilingual Password Reset Email
Can Swift return value from an async Void-returning block?
Can't download GoogleService-Info.plist file
How to implement firebase cloud messaging in server side?
Adding custom hosting domain: "Unexpected TXT records found. Continuing to watch for changes."
Firebase authentication duration is too persistent
Google FCM getIntent not returning expected data when app is in background state
What is customURLScheme in Firebase Dynamic Links?
Access a cloud firestore document within a cloud function
FirebaseListAdapter not pushing individual items for chat app - Firebase-Ui 3.1
Authentication for firebase hosting
Error: cannot access zzbgl
How to check if a document contains a property in Cloud Firestore?
Can debug logging be added to firestore rules functions?
How to setup a firebase firestore and cloud function test suit with firebase Emulator for JS development
GoogleUtilities/AppDelegateSwizzler/Private/GULApplication.h' file > not found
How to add version in cloud function for firebase
How to add extra fields to Firebase auth? Age & Gender

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!