Hacker News

int0x29, yesterday at 6:48 PM (2 replies)

Firebase seems to suffer a similar problem of people not setting permissions right. The only major difference is that they seem to steer devs pretty aggressively to Google auth, which won't leak password hashes.

While in theory your API can be the database, it seems like a footgun for the inexperienced and AI.


Replies

veeti, yesterday at 7:21 PM

AWS also had to add some serious warnings to the S3 console to stop people from blowing their foot off with public buckets.

tonyhart7, yesterday at 8:44 PM

to be fair, auth and access control is just a "hard" problem in general tbh

we have so many data breaches because they lack "common basic" security best practices, we aren't talking about state-level hackers here

just public bucket storage and so on