Comment by p2hari
2 years ago
I saw the mention of Google's CEL for authorisation and permission, however I would like to know a little about security. Apart from the appId, can I restrict calls to the db by domain etc.? Firebase has protection on such things. Somebody should not just take the appId and start calling the db.
We don't currently expose the `domain` a request comes from in permissions, but we'd be happy to add that in. I've opened up a ticket here [1].
[1] https://github.com/instantdb/instant/issues/18
Having abused a number of Firebase databases, I can say that the domain restrictions that Firebase has don't do anything at all.