javascript - Firebase & Captcha for createUserWithEmailAndPassword - Stack Overflow

admin管理员组

文章数量:1023895

Here I am working on yet another client project, that requires no-backend. I'd like to use Firebase because it does everything we need, and in fact we've already built most of the microsite.

We didn't want to require our users to enter email, as we believe it's giving up too much identifiable information. Instead what we do is assign a @users.ourdomain email at sign-up & sign-in IF the user doesn't want to provide their own email address and remain more or less anonymous but still can access the site and their data again if needed. The microsite is a one-time experience (maybe two if you show your friends), nobody will e back in a year with a forgot password, so that's irrelevant for this situation.

I've e to realize that there's no way to fully secure the createUserWithEmailAndPassword function, as anyone can spam it and create tons of accounts and use-up all usernames or emails. Is there any way to incorporate a captcha-alike system without implementing a separate backend / token auth for Firebase?

The only solution I can think of right now is to fire up AWS Lambda just to handle Captcha & Tokening. But of course any solution that will remove the necessity of a backend is more preferable. Has anyone else run a similar problem before? If so how did you end up solving it?

Many thanks for your time, happy coding.

Here I am working on yet another client project, that requires no-backend. I'd like to use Firebase because it does everything we need, and in fact we've already built most of the microsite.

We didn't want to require our users to enter email, as we believe it's giving up too much identifiable information. Instead what we do is assign a @users.ourdomain. email at sign-up & sign-in IF the user doesn't want to provide their own email address and remain more or less anonymous but still can access the site and their data again if needed. The microsite is a one-time experience (maybe two if you show your friends), nobody will e back in a year with a forgot password, so that's irrelevant for this situation.

I've e to realize that there's no way to fully secure the createUserWithEmailAndPassword function, as anyone can spam it and create tons of accounts and use-up all usernames or emails. Is there any way to incorporate a captcha-alike system without implementing a separate backend / token auth for Firebase?

The only solution I can think of right now is to fire up AWS Lambda just to handle Captcha & Tokening. But of course any solution that will remove the necessity of a backend is more preferable. Has anyone else run a similar problem before? If so how did you end up solving it?

Many thanks for your time, happy coding.

• javascript
• firebase
• frontend
• captcha

Share Improve this question Follow asked Feb 22, 2017 at 12:42 johnozbayjohnozbay 2,22211 gold badge2727 silver badges2828 bronze badges

Add a ment  | 

1 Answer 1

Sorted by: Reset to default 7

Firebase Authentication supports the authentication providers listed in its documentation. There is no built-in captcha support for its email+password provider. But to be honest, it sounds like you could reach most of your stated goals with anonymous authentication, which will be a lot simpler.

Aside from that you seem concerned about malicious user creation. While that is definitely a possibility, it has no impact on a well designed app. Authentication (knowing that you are you) has no impact on authorization (what you are allowed to do). For a good answer on that topic, see How to prevent other access to my firebase

Here I am working on yet another client project, that requires no-backend. I'd like to use Firebase because it does everything we need, and in fact we've already built most of the microsite.

We didn't want to require our users to enter email, as we believe it's giving up too much identifiable information. Instead what we do is assign a @users.ourdomain email at sign-up & sign-in IF the user doesn't want to provide their own email address and remain more or less anonymous but still can access the site and their data again if needed. The microsite is a one-time experience (maybe two if you show your friends), nobody will e back in a year with a forgot password, so that's irrelevant for this situation.

I've e to realize that there's no way to fully secure the createUserWithEmailAndPassword function, as anyone can spam it and create tons of accounts and use-up all usernames or emails. Is there any way to incorporate a captcha-alike system without implementing a separate backend / token auth for Firebase?

The only solution I can think of right now is to fire up AWS Lambda just to handle Captcha & Tokening. But of course any solution that will remove the necessity of a backend is more preferable. Has anyone else run a similar problem before? If so how did you end up solving it?

Many thanks for your time, happy coding.

Here I am working on yet another client project, that requires no-backend. I'd like to use Firebase because it does everything we need, and in fact we've already built most of the microsite.

We didn't want to require our users to enter email, as we believe it's giving up too much identifiable information. Instead what we do is assign a @users.ourdomain. email at sign-up & sign-in IF the user doesn't want to provide their own email address and remain more or less anonymous but still can access the site and their data again if needed. The microsite is a one-time experience (maybe two if you show your friends), nobody will e back in a year with a forgot password, so that's irrelevant for this situation.

I've e to realize that there's no way to fully secure the createUserWithEmailAndPassword function, as anyone can spam it and create tons of accounts and use-up all usernames or emails. Is there any way to incorporate a captcha-alike system without implementing a separate backend / token auth for Firebase?

The only solution I can think of right now is to fire up AWS Lambda just to handle Captcha & Tokening. But of course any solution that will remove the necessity of a backend is more preferable. Has anyone else run a similar problem before? If so how did you end up solving it?

Many thanks for your time, happy coding.

• javascript
• firebase
• frontend
• captcha

Share Improve this question Follow asked Feb 22, 2017 at 12:42 johnozbayjohnozbay 2,22211 gold badge2727 silver badges2828 bronze badges

Add a ment  | 

1 Answer 1

Sorted by: Reset to default 7

Firebase Authentication supports the authentication providers listed in its documentation. There is no built-in captcha support for its email+password provider. But to be honest, it sounds like you could reach most of your stated goals with anonymous authentication, which will be a lot simpler.

Aside from that you seem concerned about malicious user creation. While that is definitely a possibility, it has no impact on a well designed app. Authentication (knowing that you are you) has no impact on authorization (what you are allowed to do). For a good answer on that topic, see How to prevent other access to my firebase

本文标签： javascriptFirebase amp Captcha for createUserWithEmailAndPasswordStack Overflow