Hacker News new | past | comments | ask | show | jobs | submit login

The fact that clients write directly into the database and that it's widely encouraged.

There are security rules in Firebase to prevent this, but bolt-on security models that the user has to explicitly enable haven't shown to work.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: