Open Rohit-554 opened 1 month ago
I went through the same issue hence would like to work on this. Could you please assign this issue to me?
Hi @sanika391, can you please add the gssoc tag to it?
Hi Rohit,
Thank you so much for bringing these security concerns to my attention regarding the SpoonShare project. I appreciate your diligence and the detailed steps you’ve provided. Ensuring the security and proper configuration of our project is paramount, and your feedback is incredibly valuable.
I would love to collaborate with you to address these issues and implement the necessary changes. Could you assist me with the following?
- Updating the README: As you suggested, I need to include a detailed section on configuring a Firebase project. I want to make sure I cover all the necessary steps for contributors to set up their own Firebase projects and generate the required debug SHA keys.
- Firebase API Keys: I need guidance on securely managing and storing these keys to prevent exposure.
- Cloud Firestore API: I could use your expertise to ensure that this part is correctly configured and that the instructions are clear for all users.
If you're available, could we possibly schedule a time to discuss these points further and work through the updates together? Your assistance would be greatly appreciated and would help ensure that our contributors have a smooth and secure experience.
Thank you once again for your support and for offering to help improve the project.
Best regards, Sanika Chavan
Hi @sanika391! I have created a FirebaseConfig file to guide users on setting up their own Firebase project, resolving security and configuration issues.
Hi @sanika391, sorry for the late response, I am a little busy and @Saumya-28 already stated the steps correctly.
So, what you can do for now is to remove the file access of drive and instruct new contributors to follow the steps to create a new project in their own firebase account, configure the project and run it. They can take help of this firebaseconfig.md file. You can also create a video demonstrating the steps.
Ok sure
On Fri, May 24, 2024 at 12:21 PM Jadu @.***> wrote:
Hi @sanika391, sorry for the late response, I am a little busy and @Saumya-28 already stated the steps correctly.
So, what you can do for now is to remove the file access of drive and instruct new contributors to follow the steps to create a new project in their own firebase account, configure the project and run it. They can take help of this firebaseconfig.md file.
Hey @sanika391, I am Rohit, Mentor for GSSoC, though not assigned for this project. But I was exploring SpoonShare and found some security threats, as you are exposing your firebase Api keys. Also, that's not helping contributors, as they can't run the application with the given firebaseoptions.dart and google_services.json
Because when you create a firebase project
To Reproduce
Steps to reproduce the behavior:
Things need to be fixed!!
com.example.spoonsharemeals.spoonsharemeals package name
Cloud Firestore API from the google cloud console
Hope you understood my points, you can assign this to any of your contributors if he/she knows this better. Thank you!
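A check a maintainer could run after removing the shared Firebase files, to confirm that no generated config file or API key string is still in the working tree. This is an added example, not code from the issue thread or the SpoonShare repository; `scan_tree`, `demo`, the skip list and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Names Firebase tooling generates, plus the two spellings used in the issue.
CONFIG_NAMES = {"google-services.json", "google_services.json",
                "firebase_options.dart", "firebaseoptions.dart", "GoogleService-Info.plist"}
# Google API key format: "AIza" followed by 35 URL-safe characters.
API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}")
SKIP_DIRS = {".git", "build", ".dart_tool"}


def scan_tree(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if name in CONFIG_NAMES:
                findings.append((rel, "firebase-config-file"))
            try:
                with open(full, encoding="utf-8", errors="ignore") as fh:
                    text = fh.read(1_000_000)
            except OSError:
                continue
            if API_KEY_RE.search(text):
                findings.append((rel, "google-api-key"))
    return sorted(findings)


def demo():
    fake_key = "AIza" + "X" * 35  # constructed placeholder, not a real key
    files = {  # constructed sample tree
        "android/app/google-services.json": '{"current_key": "%s"}' % fake_key,
        "lib/main.dart": "void main() {}\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)


if __name__ == "__main__":
    print(demo())
```

A clean working tree does not cover earlier commits; files that were pushed before the cleanup remain in the repository history.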