Thank you so much for taking the time to review my project and its code thoroughly. I truly appreciate the effort you put into identifying all the issues and security problems. I will carefully address each one to ensure the integrity and safety of my project. Thanks again for your help and guidance!
The sole purpose of Firebase is the serverless architecture! If the developer did not use security rules in the project, it is his fault, not Firebase's! And what's the point in writing those functions on the back end when we want to manage servers and stuff!
Serverless doesn't mean literally serverless; it just means you don't have to scale the backend up and down yourselves.
Serverless just means you don't handle scaling of servers. Firebase itself hosts all your backend code on GCP. It just allows you to use it as it is without you managing them.
This content is actually good. These kinds of reviews help with what to look out for, avoiding bad practices, looking at good practices, and people can learn what actual production might look like.
Would love to see more project reviews or content like this.
Do continue this series of project reviews 🔥 Looking at others' mistakes is actually helping us improve by not repeating them.
Love this review format. These things can take months, if not years, to learn on your own. Top job!
Sir, your code review videos are great; keep making more videos on this topic. Your videos are very helpful. ❤️
That was spot on, bro, I really enjoyed it. YouTube recommended it to me. My production project is also on Firebase, and YES, it has these flaws too. Now I'll finally have to learn backend 😅
These videos are helping a lot. Discuss good practices as well by writing small chunks of code while reviewing; it will be helpful too.
Very informative; we want more such videos.
10:40 On Firebase you can create security rules and add a check that the user is authorised to do those operations.
Yeah, Mehul should first do research before making a video. This makes him sound a bit dumb 😅
This makes me wanna create a new project. And I'd absolutely love to have it reviewed 😭😭
Can we expect frequent code review videos? I would love to learn more about senior developers' perspectives on junior developers' code. It definitely helps us to avoid bad practices and implement good ones.
In Firebase or Appwrite we can add permissions at the collection level, which can solve the security issues.
That's great, sir. This type of video actually helps us write better code with best practices... Can you please make a video on Appwrite? Should we use it or not? Or is it actually better than Firebase, or anything related to it...
7:18 I think the reason he separated the sign-in page component from the page.js file was that the sign-in component is a client-side component, and if he were to write the entire component inside the page.js file itself, then the entire page would switch to client-side on-demand rendering, which eliminates the entire purpose of using Next.js.
Bro, even page.js is a client-side component in his code...
Awesome man!
Keeping that in mind, I use PocketBase (in a Docker container) for my side projects and Supabase for big projects, but I prefer doing all Supabase operations on the backend API endpoints.
Bro, if possible, please make a video on:
1. What ORM should we use? (I saw your video on Prisma and you didn't like it, so what do you suggest in 2024?)
2. How to scale a backend system: what do you do to make an API fast and secure?
3. How do you make data retrieval faster, or how do you optimize a SQL/NoSQL DB?
I was able to crack 12 LPA jobs last month, so thanks to you and Codedamn; it helped a lot. I hope I meet you someday 🤝
A different SignIn component makes sense in this use case, right? Because it has to use some client-side functionality, it is marked as 'use client' and then used in a server component instead of making that whole page a client component.
You have mentioned Zustand. I think Zustand and React Redux for state management are the same, as per my knowledge; please clarify if I am wrong.
The Firebase auth object consists of logged-in user details like the token and other stuff, which is browser-specific and gets emptied on logout.
Completely agree on the 8:00 part. In the past I've also been guilty of separating auth UI components which are meant to be used in only one place.
Please continue this series, boss.
Sir, in development mode the security rules aren't applied. Either he hasn't turned development mode off, or he hasn't set the security rules.
What if I make API endpoints on my backend with authentication etc. but just use Firebase for the database and not auth? Is that a good approach??
As far as I can understand, using a separate component for the SignIn at 7:57 could be to keep the client-side rendering separate from the page, so only the inner SignIn is client-rendered, as you have a form to submit, but the rest of the page is rendered on the server. It would have made more sense if he had something to run on the server in that component, but he did not have to. Still a good approach to use if you somehow miss it.
If I am wrong, do tell me.
Sir, please make this type of video ❤
Please create videos where we can learn security kinda things ❤
Bro, I hope you will review my own project next month.
Currently it is in the development phase.
True. Firebase rules are a pain to set up. However, I used Firebase for an Android app, so it's hard to interfere with the frontend code (app), so it was okay, but it was still insecure if anyone got the DB URL :/
But yeah, I refrain from using Firebase as a database for web because I don't like the idea of connecting my frontend directly to the backend, but still, it doesn't mean it's insecure. One can set up Firebase rules and it's good to go. It also provides OTP authentication for free!
Bro, then what's best for authentication?
Sir, keep making new videos on review topics like this.
6:30 Bro, Supabase uses row level security to prevent unauthorised data access. Any idea what happens in Firebase?
Bro became a Pentester 🔥
Sir, I wanted to say that I have watched this video 4 times, so please make a video on best practices, and for security not best but basic practices 😅. Then 16:49 will feel a bit better; otherwise the project is good, it's fine.
Mehul Bhai, this developer has not changed the security rules which are present in the Firebase database. He has simply added a where clause to fetch the projects of a specific user.
Why did he use Next.js if he implemented everything on the client? Firebase is secure, but you should follow every security step, like using secure rules, and for fetching users' projects he should implement that in a Next.js API route, because Firebase can be used on the server side as well. And to those who are saying that Firebase is not secure, I just want to say one thing: skill issue.
The main problem with Firebase is that developers just pick it up and start development and make no time for learning it.
And here goes my React project in the making.....
What security-related things should we keep in mind while building a project, whether frontend or backend? Make a video on this topic,
people actually skip a lot of security-related things!!!
Don't worry, Firebase has security rules in its dashboard.
@akash-kumar737 Yes, I know that, that's a Google product. Actually I am more interested in normal cases,
Shouldn't this be managed by Firestore security rules, which will give a permission denied error if a client requests any unauthorised documents? 🤔
😊
The project is in Next.js; I think most of the things are server-rendered.
Make a video about React Native vs Flutter.
Firebase uses rules to make it secure. But I believe that the developer hasn't put in effort to improve the security.
In the rules we can make it super secure.
I only liked the UI of this site; the rest of the functionality is totally basic.
He probably didn't modify the Firebase rules.
I appreciate your approach, but I would say that it's not the fault of the student. The colleges aren't teaching well enough for us to come to know whether these things follow the correct approach or not. The student is watching videos on YT and making a web app. As a student I will say this kind of project is very nice considering he has done it on his own.
Hello Mehul Sir ❤
Make videos on website security
Hi, can you explain CSRF with a real-time example?
Sir ji, if I want to send you my project, how can I send it to you?
Developers must follow standard security guidelines to mitigate the security vulnerabilities listed in the OWASP Top 10.
Hello, Mehul dada, could you please also review my project? It is a Next.js full-stack application; you will definitely love it, and I'd love to know how my project is reviewed by a senior developer and what changes and best practices are missing in that project.
Please, dada, how can I send you my project?
Thank you in advance!
If the project is using Firebase and it's insecure, that just means "the developer is lazy or doesn't care about security."
I don't understand Firebase rules 😢😭
Bro, why did you reveal the Firebase thing?
I used to get into the DBs of so many projects,
Yes, even 'production' websites/Android apps have open Firebase access.
Without having any experience, how can a fresher do this kind of project?
Please help us.
Accessing the DB from the frontend is a bad practice, but Firebase has its own thing called Firebase rules, which kinda goes like this:

    rules_version = '2';
    service cloud.firestore {
      match /databases/{database}/documents {
        function isAuthenticated() {
          return request.auth != null;
        }
        // auth is checked first so request.auth.token is never read on an anonymous request
        function isDocumentOwner(documentId) {
          return isAuthenticated() && request.auth.token.email == documentId;
        }
        match /users/{documentId} {
          allow read, write: if isAuthenticated() && isDocumentOwner(documentId);
        }
        match /users/{documentId}/userDataInNestedCollection/{document=**} {
          allow read, write: if isAuthenticated() && isDocumentOwner(documentId);
        }
      }
    }
Thanks, I didn't know about them.
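A fuller version of the kind of rules sketched in the comment above, added here as an example and not code from the reviewed project or from any commenter. It assumes a projects collection whose documents carry an ownerId field holding the owner's Firebase uid, and shows the wide-open test-mode rule beside the owner-scoped one; because rules are not filters, the list rule only admits a query that itself constrains ownerId to the caller, which is why a where() added in client code is not, by itself, the security boundary.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Helper: is there a verified Firebase Auth identity on the request?
    function isSignedIn() {
      return request.auth != null;
    }

    // Helper: does the document already in the database belong to the caller?
    // (ownerId is an assumed field name, not one taken from the reviewed project)
    function ownsExisting() {
      return isSignedIn() && resource.data.ownerId == request.auth.uid;
    }

    // Helper: does the document the client is trying to write claim the caller as owner?
    function ownsIncoming() {
      return isSignedIn() && request.resource.data.ownerId == request.auth.uid;
    }

    // WEAK (what a project left in "test mode" effectively has): anyone holding the
    // public web config can read and write every document. Kept here only for contrast.
    // match /{document=**} {
    //   allow read, write: if true;
    // }

    // HARDENED: the projects collection is assumed; each operation is gated on ownership.
    match /projects/{projectId} {
      // single-document read
      allow get: if ownsExisting();
      // query/list: Firestore only permits the query if every possible result would
      // satisfy this rule, so the client must send where('ownerId', '==', uid);
      // a query without that constraint is rejected before any data is returned.
      allow list: if ownsExisting();
      // a new project must be stamped with the caller's own uid
      allow create: if ownsIncoming();
      // an update may neither touch someone else's project nor hand it to another user
      allow update: if ownsExisting() && ownsIncoming();
      allow delete: if ownsExisting();
    }
  }
}
```

The Firebase Emulator Suite can evaluate these rules locally against both an unauthenticated request and a request authenticated as a different uid, so the permission-denied behaviour can be checked before deploying.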
Sir, is Zustand better or React Redux?
Zustand is way better than Redux, there is no doubt.
@imPrathamDev Which one is easy? 😁😄
@mr_x0s1 Zustand code is so easy. As Mehul says, you can use Zustand anywhere, like in any of your helper functions, but in Redux you have to wrap every child in a Provider before you can use Redux state, whereas in Zustand it's like using useState; it's that easy.
Without setting Firestore or Firebase Realtime rules, Firebase is insecure.
It's not the fault of Firebase. Basically, I wouldn't say I like Firebase, but Firebase has a great security rules system, and it's a simple skill issue if someone doesn't understand them.
One more thing: you can actually build a good backend using Firebase. It's just very costly, but it's possible and the DX is great.
For state management, which is better, Zustand or Redux Toolkit?
As far as I know, it depends on you. Zustand provides hooks, so there is no need to wrap your entire code like you do in Redux Toolkit or Context API.
Zustand is easy to use, actually.
For me it is Toolkit because it makes code quite clean. Though Zustand is easy to use.
Firebase probably uses httpOnly cookies, which cannot be accessed using document.cookie on the client side.
Nvidia CEO predicts the death of coding - Jensen Huang says AI will do the work, so kids don't need to learn... Make a video about the statement 😢😢
Sir, kindly make a review of the Replit clone by Harkirat Singh.
The last time I did, it bothered him and his audience a lot. To avoid any sort of hate, I would just avoid reviewing his work.
Nah, he's a sissy who can't take criticism. What's the use of reviewing the work of such people, bro?
Listen, so many idiots are saying MERN applications can't scale over millions and billions of users. Is that true? Please reply. I love JS, but the echo chamber around me keeps echoing that MERN full stack is bad, do Java full stack instead :(
You are the best.
Firebase has something called security rules, and if set up properly it's completely safe to update or delete stuff in the client code.
Fireship made a video on security rules once:
youtu(dot)be/b7PUm7LmAOw?si=SRIdgMkdkrZH-KSg