问题
I am using Firebase in my android project where every user will have his details stored like name, phone number, video_url, thumbnail_url etc. Now the way I have used it before in my previous projects is as shown in the pic-
I did not use the Firebase's auto generated id/Hash but used email id instead. It was easier for me that way. But someone told me that it is unsafe to use emails instead of autogenerated hash/ids and the recommended way is to use hashes. So the question is, is it really unsafe to not use hashes and use email id instead for convenience?
Also if it is unsafe, what is the recommended way to write different key-value pairs under the same hash if we are not inserting all key-values at the same time as an object?
回答1:
Firebase's push IDs are more typically used in situations where you'd use a sequential number in more traditional databases. Firebase push IDs are not meant as a security mechanism, as they don't contain enough entropy to be unguessable. For more about them, see this blog post and this one.
Storing data under email addresses is also quite common.
Either approach can be secure, and non-secure, depending on many factors or your app's needs. If someone told you that your data structure is unsafe, I'd recommend asking them what's unsafe about it.
来源:https://stackoverflow.com/questions/45898277/writing-firebase-database-without-using-their-auto-generated-key-in-android