How to hide documents fields in a web CMS but not in android & iOS

Related searches

Could you help me, provide me some tips and guide me to better secure my project ?

The project is a quizz with questions and answers.

  • I have a web based CMS managed by an admin(custom claim) which connects to Firestore to CRUD data.

  • Other users can connect a front end dashboard to see questions and answer them.

  • There are 2 apps, iOS and android, users can also download the apps and answer questions.

In Firestore there is a collection "questions" with answers documents, each answer contain a field is_correct_answer (boolean)

How can I block users so that they won't be able to read the field is_correct_answer ?

If a clever user tries to inject the code below, he will see which is the correct answer of the question.

firebase.firestore()
          .collection("questions")
          .doc("question_1")
          .collection("answers")
          .doc("answer_1")
          .get().then(function(snap){

console.log(snap.data().is_correct_answer );
        })

Maybe it's a database related problem, a firestore rule, a wrong schema,... I don't really know. I just need to hide the correct answer to the user. I don't want them to find a path to see the corrects answers.

Thank you.

Firestore client-side SDKs always retrieve complete documents. There is no way to return (or restrict access to) a part of a document.

If you want certain fields to be inaccessible, you'll need to store those fields into a separate document. You can then control access to that specific document with security rules, and read the restricted document only for users who are supposed to have access to it.

Using WordPress as a Headless CMS, Sufyan bin Uzayr explains what a headless CMS is and why you integrate your CMS with a different coding methodology and not use the applications and websites built atop a headless CMS architecture You can easily use API calls in a headless CMS to deliver content to an iOS or Android platform. 2. How to Hide Files in Android without any App. Most of the media players in Android automatically search and index the supported contents like photos, music, and videos, etc. In the first method the folder was hidden, but in this method, the folder is not hidden.

An alternative is to restrict access to the answers for users. Have the users submit an "answers" sheet when they complete the quiz/ each question and have a Cloud Function check the submitted answers, retrieve the private answers documents and update the submitted answer sheet, with a score.

Handling common accessibility problems, When we say accessibility in the context of web technology, most people make the text way too small or hide it using CSS), but will also be usable by <h1>My heading</h1> <p>This is the first section of my document. This allows us to tab to the buttons, but not to activate them via the Enter/Return key. 1. First open your File Manager and then create a new folder.Now move all the files you want to hide into that folder. 2. Then go to your File Manger settings.And enable the option “ Show Hidden Files/Folders “.

Thanks to the explanations provided by Frank van Puffelen and Jason Berryman, I finally found a solution to my problem:

I trigger an HTTP function which asks the admin SDK if the user exists. If true, I pass a JWT and log in the user. All requests made by this user are checked, thanks to the JWT back end. Doing this prevents the user from directly communicating with Firebase on the client side. Apps are encrypted and connection is HTTPS.

I don't know if this is safe and a "good practice", but it does work for me.

Note that this trick is for only files and not for folders. Note that the files are not hidden. They are just not shown in gallery application. Method 4 (Using Third Party Applications) : Third method is to hide files and folders using third party applications. There are lots of android apps available in Play Store which are used to hide files

Step 1- Open your File Manager & Create a new folder. Then Move all the files, you want to hide into that folder. Step 2- Then Go to File Manager Settings. & Enable the option of “ Show Hidden Files “.

Here’s how you can use the File hide pro app to hide the personal files and folders on your android phone. How to Hide Files and Folders on your Android Phone. Step 1: Install the File Hide Pro app from the Google Play Store. Step 2: As I said earlier, the app will disguise itself into a tip calculator app. So tap on the tip calculator app to

ಆಂಡ್ರಾಯ್ಡ್ ಸ್ಮಾರ್ಟ್‌ಫೋನ್‌ನಲ್ಲಿ ಗೂಗಲ್ ಪ್ಲೇ ಸ್ಟೋರ್‌ನಿಂದ ಯಾವುದೇ ಇತರ ಆ್ಯಪ್‌ ಡೌನ್‌ಲೋಡ್ ಮಾಡದೆ, ಫೈಲ್‌ಗಳನ್ನು ಅಡಗಿಸಿಡುವ ವಿಧಾನ ಇಲ್ಲಿದೆ. ಮೊದಲು ಒಂದು ಹಿಡನ್

Comments
  • Thanks for answering. Is there a way to protect those separate documents so that only an iOS or Android app could access it ? I'm not an app dev so I don't know at all. A web based cms seems a bad idea if a user can access a database in a web browser and in an app? If the user wants to see the correct answer in the app he would have to have a security flag, but having this security flag could let him to see the correct answers in the web based cms.
  • Access control in Firebase is based on user identity, not on the platform the user uses to access the data. That also wouldn't work, since any user can sign in to any platform (the APIs and configuration data are in each of your apps), so a malicious Android user could just write their own web code to read the other data.
  • Without any security rules, is it possible to decompile an iOs or android app to acces the database and manipulate it ?
  • All configuration data is in the app, since otherwise the app couldn't access the database. There is nothing that allows the database to only be accessed from a specific app/platform.
  • Ok, so if a malicious user tried to decompile the app he would be able to access Firestore if no Firestore rules were established ? I won't bother you any longer after that ;)