Here I am working on yet another client project, that requires no-backend. I'd like to use Firebase because it does everything we need, and in fact we've already built most of the microsite.
We didn't want to require our users to enter email, as we believe it's giving up too much identifiable information. Instead what we do is assign a @users.ourdomain.com email at sign-up & sign-in IF the user doesn't want to provide their own email address and remain more or less anonymous but still can access the site and their data again if needed. The microsite is a one-time experience (maybe two if you show your friends), nobody will come back in a year with a forgot password, so that's irrelevant for this situation.
I've come to realize that there's no way to fully secure the createUserWithEmailAndPassword function, as anyone can spam it and create tons of accounts and use-up all usernames or emails. Is there any way to incorporate a captcha-alike system without implementing a separate backend / token auth for Firebase?
The only solution I can think of right now is to fire up AWS Lambda just to handle Captcha & Tokening. But of course any solution that will remove the necessity of a backend is more preferable. Has anyone else run a similar problem before? If so how did you end up solving it?
Many thanks for your time, happy coding.
