Open StatusQuo opened 5 years ago
I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
@StatusQuo thanks for filing this! (I assume you're the same person I just talked to about this at UIKonf)
@StatusQuo We are actively working on this for Firestore. It should be released in the not so distant future. We unfortunately cannot promise release dates, but you can follow along here: https://github.com/firebase/firebase-android-sdk/pull/455
We currently don't have immediate plans to add a similar feature to the Realtime Database.
We've been treating this as the canonical issue for this https://github.com/firebase/firebase-js-sdk/issues/449. We'll also update there.
@wilhuff just FYI this request was for RTDB.
Sorry I wasn’t clear: I was adding to the notes @schmidt-sebastian gave regarding Firestore.
Note that the implementation for RTDB should be similar at least at the lowest level—both use SQLite as their underlying storage on Android. Pull requests are welcome!
Firebase cannot achieve OWASP Mobile Checklist Level 1 compliance without some thought and care going into managing that cache. Firebase really has many shortcomings that push teams into poor-architecture corners, I hope Firebase lifts its game in that regard. Here the problem is partly that the OP's users are sharing devices (and sharing the same account on the device) - if a Google account is attached to the device under that shared account it begs the question: if in the context of a company, is that not a breach of policy (if policy is lacking, that is the gap that should be first filled); if general usage, is that not stupidity on the part of the device owner and owner of the Google account? That said, compliance initiatives mandate the ability to clear cache upon logout and Firebase completely misses that mark.
The lack of a supported mechanism to programmatically clear the (entire) cache in conjunction with a lack of schema versioning leaves developers in a problem situation when there needs to be a schema change in production.
Is there any news on this issue?
If at least we could clear all the persisted data, RealTime Database would be usable without hacks with setPersistenceEnabled across app restarts; this is fundamental when the database schema changes in a production environment.
What feature would you like to see?
A function to clear the local persistence Cache for realtime database and firestore when persistenceEnabled is turned on.
FirebaseDatabase.getInstance().clearLocalCache()
The functions should drop all rows in the SQL Database Cache and also clear the write-ahead-log file.
How would you use it?
In our app, we are using user-specific database queries. When a user logs out and another user logs in, anyone with root access to device storage can read personal data of a logged out user. We would clear the cache with every logout.
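
Added example (not part of the issue and not Firebase code): a Python `sqlite3` sketch of why the request asks for both dropping the rows and clearing the write-ahead log. In a WAL-mode SQLite database a plain `DELETE` leaves the deleted bytes readable in the `-wal` file. The `cache` table, its columns and the marker value are assumptions constructed for the demonstration, not the SDK's real schema.

```python
import os
import sqlite3
import tempfile

# Constructed sample value standing in for one user's cached personal data.
MARKER = b"alice-private-note-7f3c"


def residue(db_path):
    """Return which on-disk files ("main", "-wal") still contain MARKER."""
    found = []
    for suffix in ("", "-wal"):
        path = db_path + suffix
        if os.path.exists(path):
            with open(path, "rb") as fh:
                if MARKER in fh.read():
                    found.append(suffix or "main")
    return found


def build_cache(db_path):
    """Create a WAL-mode cache database (hypothetical schema) holding MARKER."""
    con = sqlite3.connect(db_path)
    con.execute("PRAGMA journal_mode=WAL").fetchall()
    con.execute("CREATE TABLE cache(path TEXT PRIMARY KEY, value BLOB)")
    con.execute("INSERT INTO cache VALUES (?, ?)", ("/users/alice/notes", MARKER))
    con.commit()
    return con


def naive_clear(con):
    """Drop all rows only; earlier WAL frames keep the deleted bytes."""
    con.execute("DELETE FROM cache")
    con.commit()


def thorough_clear(con):
    """Drop all rows, zero freed pages, rebuild the file and empty the WAL."""
    con.execute("PRAGMA secure_delete=ON").fetchall()
    con.execute("DELETE FROM cache")
    con.commit()
    con.execute("VACUUM")  # rewrite the main file from live content only
    con.execute("PRAGMA wal_checkpoint(TRUNCATE)").fetchall()  # WAL -> 0 bytes


if __name__ == "__main__":
    db = os.path.join(tempfile.mkdtemp(), "cache.db")
    con = build_cache(db)
    naive_clear(con)
    print("after DELETE only:", residue(db))
    thorough_clear(con)
    print("after full clear: ", residue(db))
```

Whether `secure_delete` is on by default depends on how the SQLite library was built, so the sketch sets it explicitly before deleting.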