Can I show the $ uid generated by Firebase Authentication?

Question

Can I show the $ uid generated by Firebase Authentication?

I have Firebase authentication enabled, and after registering a new user, I create several other data tables, and I distinguish them by the $uid generated by Firebase. In addition, $uid displayed in the address bar of the browser, for example:

 http://localhost:4200/accounts/6WvgabEHMRbGYxJ0inaCjWHmkif2

How safe is it to use it this way (and this is common practice)?

+7

security angular firebase firebase-authentication

Jd 12 sept '17 at 13:08

source share

1 answer

Michael · Accepted Answer · 2017-09-12T15:12:16+0000

It is completely safe to put the uid in the URL.

If you go, for example, to your stackoverflow account, the numbers that you see in front of your name are your user ID. This is the URL of your account:

https://stackoverflow.com/users/8558489/user370486

I can see your user ID 8558489 in the url before it shows your username, but I cannot do anything malicious with this information. Websites like facebook use your username in the url, youtube uses your user id, this is what you prefer. I would rather see your username in the url because it is more meaningful when you look at it, but it is up to you! Hope this helps.

EDIT:

However, it can be argued that it may be less secure to have a username in the URL. If the application allows the username to be the same as the password, or if the username is allowed to be stored in a password, this makes an easy, gross attack. Wid is a good way to go.

Can I show the $ uid generated by Firebase Authentication?

More articles: