Firebase Database - Risks associated with exposing uid on the client side?

Solution 1:

A UID is just a string. There's no information in it. The piece of secret information is the user's password (which you can never see) and their temporary authentication token, which expires after an hour. The SDK will automatically refresh that token.

If your security rules are properly set up, there is no problem. If one user knows another user's UID, there's nothing the first user can do to affect the data of the second user if your rules don't allow it. You may want to separate public and private information about users into separate locations so they can have separate security rules, if that's what you need.

If for some reason you still think that the UID needs to be kept secret, you can generate a different UUID or something to identify the user and use that instead, but I don't know what extra security that will provide.
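The public/private split described in the answer, as an added example that is not part of the original answer. It assumes the Realtime Database and a hypothetical layout of `/users/<uid>/public` and `/users/<uid>/private`; those path names do not come from the page.

```json
{
  "rules": {
    // Assumed layout (not from the page): /users/<uid>/public and /users/<uid>/private.
    // Deny at the root; access is granted only by the narrower rules below.
    ".read": false,
    ".write": false,
    "users": {
      "$uid": {
        // Public profile data: readable by anyone, writable only by its owner.
        "public": {
          ".read": true,
          ".write": "auth != null && auth.uid === $uid"
        },
        // Private data: readable and writable only by the signed-in owner.
        "private": {
          ".read": "auth != null && auth.uid === $uid",
          ".write": "auth != null && auth.uid === $uid"
        }
      }
    }
  }
}
```

With these rules, a client that knows another user's UID can address that user's `private` path, but the request is denied because `auth.uid` comes from the verified authentication token, not from the path the client chose. No rule is placed directly on `$uid`, because a grant at a parent path cascades to its children and cannot be revoked lower down.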