I am developing a web service (server) for my web application to allow users
to get information about their account. After looking at every amazing
Google Cloud product, I am thinking of doing the following to have a secure
server on Google Cloud:
1. Having clients log in with Firebase Auth on the web app
2. Add security specifications in Cloud Endpoints to allow only Firebase
logged-in users to access* specific paths (*running on a Node.js server
on Google App Engine)
3. Extract the ID token received on the server by decoding it to return
users only their data
- Is simply having Firebase security rules in the OpenAPI file in
Cloud Endpoints enough to make sure only logged-in users can access their
*own* data?
I'm also limiting access to some paths for service accounts. After making
that security rule in Cloud Endpoints, isn't there really anything else to
do to make sure the system is secure? Is it really this easy to achieve a
secure system? After this point, is it just my Google account's security
that's left to protect?
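Added example, not part of the original post and not Google's code: the per-user check from step 3, done in the Node.js backend after the proxy has authenticated the caller. It assumes the Endpoints proxy forwards the verified token's claims as base64url-encoded JSON in the `X-Endpoint-API-UserInfo` header with the Firebase uid in `id`, and that the backend is reachable only through the proxy; `getAccount`, the account map and all sample values are constructed for illustration.

```javascript
'use strict';

// Assumption: the Endpoints proxy has already verified the Firebase ID token
// and forwards the result as base64url JSON in this header. The header is only
// trustworthy if clients cannot reach the backend without going through the proxy.
const USER_INFO_HEADER = 'x-endpoint-api-userinfo';

// Decode the forwarded auth result; returns null if absent or malformed.
function callerFromHeaders(headers) {
  const raw = headers[USER_INFO_HEADER];
  if (typeof raw !== 'string' || raw.length === 0) return null;
  try {
    const b64 = raw.replace(/-/g, '+').replace(/_/g, '/');
    const info = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return info && typeof info.id === 'string' && info.id !== '' ? info : null;
  } catch (err) {
    return null;
  }
}

// Hypothetical handler logic for GET /accounts/{accountId}.
// accounts: Map of accountId -> { ownerUid, ... } (stand-in for a datastore).
function getAccount(headers, accountId, accounts) {
  const caller = callerFromHeaders(headers);
  if (!caller) return { status: 401, body: { error: 'unauthenticated' } };
  const account = accounts.get(accountId);
  // Authentication says who is calling; this comparison decides what they may read.
  // Same response for "missing" and "not yours" so account ids cannot be probed.
  if (!account || account.ownerUid !== caller.id) {
    return { status: 404, body: { error: 'not found' } };
  }
  return { status: 200, body: { accountId, balance: account.balance } };
}

// Constructed sample data.
function encodeUserInfo(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
const ACCOUNTS = new Map([
  ['acct-1', { ownerUid: 'uid-alice', balance: 10 }],
  ['acct-2', { ownerUid: 'uid-bob', balance: 25 }],
]);
const ALICE = { [USER_INFO_HEADER]: encodeUserInfo({ id: 'uid-alice', issuer: 'constructed-issuer' }) };

console.log(getAccount(ALICE, 'acct-1', ACCOUNTS).status); // own account
console.log(getAccount(ALICE, 'acct-2', ACCOUNTS).status); // someone else's account
console.log(getAccount({}, 'acct-1', ACCOUNTS).status);    // no forwarded identity
```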