[Vulnerability] Exposed Firebase Credentials #1772
Comments
|
Maybe you shoukd not show this publicly. There is AI bots around the internet searching for stuff like this. I would recommend deleting the issue and contacting Fireship.io |
|
Guys it's been a month? Is this issue fixed |
|
Then close it |
|
I don't mean to be rude, but this guy is selling coding courses and doesn't even know that credentials should never be directly included in the code. Always use environment variables, even in the local environment. |
|
I mean uhh you're right and it could've been a mistake |
|
It's fine to make these credentials public (as long as you secure the Firebase services via their respective rules systems, and other configuration). See: https://firebase.google.com/docs/projects/api-keys |
You're right too! If he has security rules i don't think someone can misuse it. |
https://github.com/fireship-io/fireship.io/blob/master/app/util/firebase.ts
Please remove the following firebase key as it can lead to unauthorized access.
The key is valid .
The text was updated successfully, but these errors were encountered: