is it safe to store image URL from firebase storage to database?

1
votes

I am new in programming and in firebase. I am building an iOS app using firebase. actually I want to cache the image coming from firebase storage. and I am using Kingfisher pod to help me to download and to cache the image because.... it seems there is no cache image method provided by firebase storage

the code to download and to cache using kingfisher is like this:

let url = URL(string: "url_of_your_image")
imageView.kf.setImage(with: url)

it needs an URL, and thats why I manage to store the URL of the image that stored in firebase storage after the user successfully upload to firebase storage.

the URL of uploaded image in Firebase Storage look like this

https://firebasestorage.googleapis.com/v0/b/xxxxx.appspot.com/o/profilePicture%2Fefb36-df90-4fa5-ad42-bd452cdff?alt=media&token=313407-79c7-4c49-851a-4ae8452bdc

it has token.....

let say it is an image of profile picture of the user, so I will store it locally in the device after get it from firebase storage.

is this approach safe?

if I check, the token is different for every image in the firebase storage so I assume it will be okay

1
iosfirebasefirebase-realtime-databasegoogle-cloud-firestorefirebase-storage

1 Answers

2
votes

The download URLs that Firebase generates for Cloud Storage give public read access to the file to anyone who knows the URL. But as you've seen, the token is unique and considered unguessable. In general that means that the only way for someone to know the URL (and thus be able to read the file) is if you share the URL with them.

It is hard to give a blanket answer on whether something is safe. It depends on what you want it to be safe from, and how you store it.

For example: if you store it in a database where you grant everyone full read and query access, you're effectively giving everyone read-only access to all files. If that is exactly what you want, that is great. If it isn't what you want, you'll need to tailor your database security rules to fit with your needs.