As a user making or receiving a host request, I expect the content of this exchange to be private information which cannot be read by unauthorized third parties.
Currently host requests are written to the user records under /Users/<id> in Firebase RTDB, so they are legible to everyone until #30 is fixed, and to all logged-in users after that. We should probably store them under a specific path in RTDB or Firestore, like Chats, so that only the sender, the receiver and admins can access them.
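A sketch of RTDB security rules for the proposed Chats path, added here as an example and not taken from the project's own rules. The `senderId` and `receiverId` fields and the `admin` custom claim are assumptions about how the records and admin accounts would be modelled.

```json
{
  "rules": {
    // No ".read" or ".write" at the root or on "Chats" itself: RTDB denies by
    // default, and a grant on a parent cannot be revoked by a child rule.
    "Chats": {
      "$chatId": {
        // Only the two participants, or a user carrying the (assumed) admin
        // custom claim, can read a host request.
        ".read": "auth != null && (data.child('senderId').val() === auth.uid || data.child('receiverId').val() === auth.uid || auth.token.admin === true)",

        // Create: the caller must be the sender. Update: the caller must
        // already be a participant. Admins may do either.
        ".write": "auth != null && ((!data.exists() && newData.child('senderId').val() === auth.uid) || (data.exists() && (data.child('senderId').val() === auth.uid || data.child('receiverId').val() === auth.uid)) || auth.token.admin === true)",

        // Every request must name both participants (assumed field names).
        ".validate": "newData.hasChildren(['senderId', 'receiverId'])",

        // Participants are fixed at creation, so nobody can add themselves
        // to an existing exchange by rewriting these fields.
        "senderId": {
          ".validate": "newData.isString() && (!data.exists() || newData.val() === data.val())"
        },
        "receiverId": {
          ".validate": "newData.isString() && (!data.exists() || newData.val() === data.val())"
        }
      }
    }
  }
}
```

Because nothing grants read access on `/Chats` as a whole, clients cannot list the collection and must read each request by its known id. The rules only protect data stored under this path, so host requests would also have to stop being written to /Users/<id>.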