Using the firebase platform..
I would like to save some custom information about a user once they register.. and just for examples sake, lets say his/her favorite color.
So far when I register a user this is the only meta data I get
What options are at my disposal to get this done?
You have two options:
1 - Use Custom Claims
You can save additional data to the access token of the user. You can read that data directly from the user in the frontend and also in all database rules. I would recommend to use this for basic auth data like isAdmin or isRole if there are not much data to save. The reason for that is that it's quite limited in the amount of data you can save. Because it's saved in the token it has to be small so you should not save to much in it. You can find more about it here. You should edit this fields by a firebae cloud function using the admin sdk.
2 - Use one of the databases
I see it very often and it's quite common in Firebase to store such additional user data into one of the Firebase databases. You can make those 1000% securely by allowing only the user to write and read then or only to read depending on your needs. If you want to save more than just simple data I would recommend this. One reason more is if any other user like admin needs that data from another user you would not be able to get it by using the first option. It is also much easier to do it when the user needs to save data for himself and by himself. With the first version you would always need to involve cloud functions.
I very often use combination of both where I save such data like isAdmin to the custom claims but all other like nickname or some settings like language to a database. With the database I can also make it very easy to search through all users when you are an admin.
Related
I’m brand new to realm and have been digging around in the docs all day today. I come from a sql background and am struggling finding out if what I want done can be accomplished with realm.
I’m wanting to create an app that allows normal users to fill out a simple form, and allow admins to access (read only) these forms. Ideally the admin would see all forms created by users listed in a tableview.
After completed the swift tutorial online, I get the impression that only the user who created the realm object can access it…
Is it possible to accomplish what I described above with realm?
There is no way to query multiple Realm files at once currently. In your use case, I recommend you to share one account (created automatically on your application), write multiple users' data to one file. Or sharing one file for multiple users by using Realm's permission change feature, see also https://realm.io/docs/swift/latest/#modifying-permissions
I am building a web-app with Meteor and i am using the Meteor Accounts-password package and accounts-facebook package to make login easy. The user has some information tied to them like email & password, but i want to tie more information to them after the account has been created.
I know of two ways that i could do that and i was wondering how i should do it, since i can't seem to find any information about it on the internet.
Option 1:
I add all the additional information (like username, displayname and other stuff) inside the Meteor.user.profile object. This seems to be a bad solution since users by default have access to everything in the profile object and i have to manually deny them access.
Option 2:
I create a new collection, Profile-information, and store all additional data about the user and then tie it to the meteor.user object via some shared key. This also seems like a bad solution since i have to split my data like in SQL and not have all the advantages of embedded documents in mongodb.
This has been my thought process so far and i am at a loss of how to continue.
Which option seems to be the best way, or is there an option 3 that would work better?
Thanks in advance.
Thanks to #forallepsilon i found out that you could write any data to the user object you want. I previously though that the user object was locked, and you could only store additional data in the profile field.
I will store the additional data i have about the user inside the Meteor.user object by just creating additional fields.
I want to implement database authentication in mongodb.
In order to do that, I found out that I need to first create an admin user and then create separate users for each of my database through mongodb client shell (manually or using a javascript file).
I was wondering if it is possible to add user to the individual databases from the spring application itself but did not get any useful pointers to do this. Is it that this approach is wrong because if this possible the application will always be able to access the database because it itself is creating the user, but external access will still be blocked.
Please let me know how this can be achieved or if it is an incorrect approach.
After you add a normal user via the MongoShell, you can then connect via your application and create either normal users, or read only users.
Note that a normal user can also add users, so the users your application adds may need to be down as read only users depending on your use case and needs.
In the MongoShell, adding a read only user can be done via
use myAppDB
db.addUser("JohnSmith", "CheddarCheese", true)
I'd like to use Amazon SimpleDB to store data for my iPhone app. Different users will own items within the same domain. I'd like for users to be able to delete their own items but not each others', and for this restriction to be enforced server-side.
I am hoping to use anonymous TVM.
What is the best way to do this?
Using IAM User Management you can create a custom policy for each user or group to allow or deny access to delete items in SimpleDB. If each user has their own domain you can restrict access to the domain by using the arn format arn:aws:sdb:<region>:<account_ID>:domain/<domain_name>
I think that you can't use IAM - you seem to say that you have one domain where all user data is stored.
One way to achieve what you want is to use item name prefixes that are user based, e.g. user jimsmith would have all items stored under an item name that beings with 'jimsmith' or some random string, unique to jimsmith (which could be stored somewhere).
Then you are in charge of security, so you would not be able to have the phones directly query AWS - they would need to talk to your intermediary server which would handle security. You have to assume that people could run the app on a jailbroken phone, and decompile, etc.
You can use IAM to restrict a single user to a small portion of an S3 bucket though. You could then index the bucket using a server app of your design. Then the DB could be used for searching purposes with your own code, so that iPhones only deal with S3.
From what I have researched the simpleDB user right policies aren't designed to be used in such a way you are proposing (meaning undisclosed number of users of the app) and the way to handle this might be to use some server application in-the-middle as was suggested here: Mobile app and SimpleDB direct 'Access Policy'
I'm working on a small marketing project with Zend Framework, the backoffice of the project is currently made of two controller: a campaign controller and a minisite controller.
The user create a campaign with a form, then he have to create a minisite with a second form linked to this campaign, so i need to get the campaign and the user id when saving the data of the minisite.
What is the best practice and why? should i pass those variables in a session object? or should i pass those variables through a route like :
/backoffice/minisite/create/:userid/:campaign/
Edit: users are logged and authenticated when creating campaigns
Assuming users have to be logged in to do this, you could store the user information you need in a Zend_Auth identity
If not, you could store the data in a normal session var with Zend_Session or redirect to with the route. Either option is good, so it's up to you to pick the one which best suits you and your application.
For passinf information between two controller the best way is to use session to store the values globally . :-)
I'm pretty sure users need to have an account to do these things. If yes, there campaigns and minisites will be associated with them in some way. I'd store and retrieve these things from some form of database.
If you're not having authenticated users and you really just need to pass two variables to another action, use url parameters but be aware of the fact that users can mess with them and a lot of unexpected stuff can happen. Storing in the session is harder to manipulate in that way.
So, if no authentication is involved and the site is public, use the session, otherwise use neither but use storage.
I would use the route option, as you suggest. Using sessions is going to end up being very difficult to test, debug, extend in the future etc.