sanika391 / SpoonShare

SpoonShare: An app connecting users to share free food, donate, and access local ngo, supporting the UN's Zero Hunger goal.
https://spoonshare-meal.web.app
MIT License

Critical Bug: Firebase Api Error #41

Open Rohit-554 opened 1 month ago

Rohit-554 commented 1 month ago

Hey @sanika391, I am Rohit, a mentor for GSSoC. Though not assigned to this project, I was exploring SpoonShare and found some security threats, as you are exposing your Firebase API keys. That is also not helping contributors, as they can't run the application with the given firebaseoptions.dart and google_services.json. Because when you create a Firebase project

To Reproduce
Steps to reproduce the behavior:

  1. Try registering with your credentials
  2. Firebase Error Learn more about this
  3. You will not be redirected to the next page or home page

Things need to be fixed!!

Hope you understood my points; you can assign this to any of your contributors if he/she knows this better. Thank you!

Saumya-28 commented 1 month ago

I went through the same issue hence would like to work on this. Could you please assign this issue to me?

Saumya-28 commented 1 month ago

Hi @sanika391 Can you please add gssoc tag to it

sanika391 commented 1 month ago

Hi Rohit,

Thank you so much for bringing these security concerns to my attention regarding the SpoonShare project. I appreciate your diligence and the detailed steps you’ve provided. Ensuring the security and proper configuration of our project is paramount, and your feedback is incredibly valuable.

I would love to collaborate with you to address these issues and implement the necessary changes. Could you assist me with the following?

  1. Updating the README: As you suggested, I need to include a detailed section on configuring a Firebase project. I want to make sure I cover all the necessary steps for contributors to set up their own Firebase projects and generate the required debug SHA keys.

  2. Firebase API Keys: I need guidance on securely managing and storing these keys to prevent exposure.

  3. Cloud Firestore API: I could use your expertise to ensure that this part is correctly configured and that the instructions are clear for all users.

If you're available, could we possibly schedule a time to discuss these points further and work through the updates together? Your assistance would be greatly appreciated and would help ensure that our contributors have a smooth and secure experience.

Thank you once again for your support and for offering to help improve the project.

Best regards, Sanika Chavan

Saumya-28 commented 1 month ago

Hi @sanika391! I have created a FirebaseConfig file to guide users on setting up their own Firebase project, resolving security and configuration issues.

Rohit-554 commented 1 month ago


Hi @sanika391, sorry for the late response, I am a little busy, and @Saumya-28 has already stated the steps correctly.

So, what you can do for now is remove the file access on Drive and instruct new contributors to follow the steps to create a new project in their own Firebase account, configure the project and run it. They can take help from this firebaseconfig.md file; you can also create a video demonstrating the steps.
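As an added example, not SpoonShare's own code, the following POSIX sh script is the kind of check a maintainer can wire into a pre-commit hook so that the per-project Firebase client config (google-services.json, GoogleService-Info.plist, firebase_options.dart) and any Google API key are rejected before they reach the repository, which is the "securely managing these keys" item above and the "each contributor creates their own Firebase project" procedure from firebaseconfig.md. The file names, the `AIza…` key pattern and the sample tree it builds are assumptions chosen for illustration. One practitioner caveat: a Firebase browser or Android API key identifies the project rather than authenticating the app, so its exposure is far less serious than a leaked service-account JSON (which carries a real private key), and the scan treats the two as separate findings.

```shell
#!/bin/sh
# Added example (not SpoonShare's code): pre-commit style scan that refuses a
# commit when Firebase client config files or Google API keys are about to be
# checked in. File names and patterns below are assumptions for illustration.

# Generated per-project client config. Each contributor creates their own
# Firebase project and generates these locally, so they stay untracked.
FIREBASE_CONFIG_FILES='google-services.json GoogleService-Info.plist firebase_options.dart'

# Google/Firebase browser and Android API keys: "AIza" plus 35 URL-safe chars.
API_KEY_PATTERN='AIza[0-9A-Za-z_-]{35}'

# A service-account JSON export carries a real secret ("private_key") and is
# far more dangerous to leak than a client API key.
SERVICE_ACCOUNT_PATTERN='"private_key"[[:space:]]*:'

# scan_tree DIR: print one line per finding as "<kind>: <relative path>".
# Returns 0 when the tree is clean, 1 when something must be removed first.
scan_tree() {
  dir=$1
  findings=$(
    for name in $FIREBASE_CONFIG_FILES; do
      find "$dir" -type f -name "$name" | sed "s|^$dir/|config-file: |"
    done
    find "$dir" -type f -exec grep -El "$API_KEY_PATTERN" {} + \
      | sed "s|^$dir/|api-key: |"
    find "$dir" -type f -exec grep -El "$SERVICE_ACCOUNT_PATTERN" {} + \
      | sed "s|^$dir/|service-account: |"
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# count_findings DIR: number of lines scan_tree reports (0 when clean).
count_findings() {
  scan_tree "$1" | grep -c . || true
}

# make_sample_tree DIR: build a constructed (fake) repo snapshot to scan.
make_sample_tree() {
  dir=$1
  mkdir -p "$dir/android/app" "$dir/lib" "$dir/docs"
  # Fake client config holding a fake key shaped like a real one (39 chars).
  fake_key=$(printf 'AIzaSy%033d' 0)
  printf '{"client":[{"api_key":[{"current_key":"%s"}]}]}\n' "$fake_key" \
    > "$dir/android/app/google-services.json"
  # Fake service-account export (server-side credential, constructed).
  printf '{"type":"service_account","private_key":"fake"}\n' \
    > "$dir/serviceAccount.json"
  # Harmless documentation: mentions the prefix only, so it must not match.
  printf 'Keys look like AIza... and are not secrets by themselves.\n' \
    > "$dir/docs/firebaseconfig.md"
}

# Stand-alone demonstration on the constructed tree in a temp directory.
demo() {
  tmp=$(mktemp -d)
  make_sample_tree "$tmp"
  if scan_tree "$tmp"; then
    echo "clean: safe to commit"
  else
    echo "blocked: untrack the files above, add them to .gitignore, and rotate any leaked credential"
  fi
  rm -rf "$tmp"
}

demo
```

To use it as a hook, copy the functions into `.git/hooks/pre-commit` and call `scan_tree "$(git rev-parse --show-toplevel)"`; that scans the whole working tree rather than only the staged files, which is a deliberate simplification so the check stays a single portable script. The `config-file` findings are the ones that break contributors (they point at the maintainer's project), while an `api-key` or `service-account` hit is the one that calls for rotating the credential, not just deleting the file.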

sanika391 commented 1 month ago

Ok sure

On Fri, May 24, 2024 at 12:21 PM Jadu @.***> wrote: