I want to make an app that stores user data using firestore from firebase. My question is: Is there any possible way for a hacker to somehow access the database? I still want to be able to read/write/delete/edit from inside the app.(I'm using Python)
Related
I´m having trouble finding information about storing different data to multiple accounts in Firebase. I am making a Kivy / Python app that can create a to-do list and has a login screen. My login screen is working via Firebase, but the to-do list is stored using sqlite3 (for now), which means that everytime I log in with a different account, the same saved list from other accounts is showing in the app. I will put the code if requested.
I have recently started with pyrebase and I am having trouble in storing data depending on user and receiving it. After completing the authentication part I create a user ID as user['idToken']
And then pushed data by using
archer = {"name": "Sterling Archer", "agency": "Figgis Agency"}
db.child("agents").push(archer, user['idToken'])
I assume that each user has different ID token which remains same even if we logout and relogin. but when I am using
all_agents = db.child("agents").get(user['idToken']).val()
print(all_agentes)
It's printing all data stored in realtime database. Even which were stored by other users.
I tried reading all it's documentation, but I was unable to understand how to handle it.
What's wrong that I am doing in here and How can I correct it?
Use user[localId] instead of user[idToken] as it will create database for every different user separately
Just a heads up, I am new to using web frameworks. My only experience so far comes from completing the VSCode, Django and Mozilla MDN tutorials. But I'm making my way through these along with my own project.
I'm creating a web app that has an "official" database table that all website/app users can view. But, I want to be able to let them add their own data entries to the table, which only they can view and edit. And would be able to grant other users/friends access to their created data entries, to expand the total number of entries made available. Without making everyone using the site having to work out which data entries are the "official" and which are user created.
Hopefully a better way of understanding what I'm planning
So, what would be the best method for setting up user accounts to have access to the main database table and their own data set, which they can grant access for others to view?
Would this mean creating a table for each user, and if so how can this be set up automatically upon account creation?
I've read that creating a new table in the database can be cumbersome later on if lots of accounts with their own tables of data are created.
I've looked through the Django documentation, but it seems to be more focussed on user account creation and authorisation. And regarding databases, I can't find any questions/posts that relate to what I'm trying to make. Especially with creating a personal list of data entries for each user upon account creation.
Thank you, for taking the time to read this, even if you don't have an answer!
I have not worked with Django seriously and my only experience is the tutorials on their site.
I am trying to write my own application now, and what I want is to have some sort of API. My idea is that I will later be able to use it with a client written in any other language.
I have the simplest of all apps, a model that has a name and surname field.
So the idea is that I can now write an app lets say in c++ that will send two strings to my Django app so they can be saved in the database as name, surname respectively.
What I know until now is to create a form so a user can enter that information, or have the information in the url, and of curse adding them myself from the admin menu.
What I want though is some other better way, maybe creating a packet that contains that data. Later my client sends this data to my Django webpage and it will extract the info and save it as needed. But I do not know how to do this.
If my suggested method is a good idea, then I would like an example of how this is done. If not the I would like suggestions for possible things I could try out.
Typically, as stated by #DanielRoseman, you certainly want to:
Create a REST API to get data from another web site
Get data, typically in JSON or XML, that will contain all the required data (name and surname)
In the REST controller, Convert this data to the Model and save the Model to the database
Send an answer.
More information here: http://www.django-rest-framework.org/
I use Python 3 as a serverside scripting language, and I want a way to keep users logged into my site. I don't use any framework, since I prefer to hand code pages, so how do I create session variables like in PHP in Python 3?
The logic of a session is storing a unique session id inside the user cookie ( uuid package will do a perfect job for that ). And you store the sessions data inside a file, database or other semi-permanent datastore.
The idea is matching the sessionid that you receive from your user cookie, to some data stored somewhere on your server.
I assume that you know how to add the right header to set a cookie via the response header.
Otherwise there is more information here : http://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Responses