<FAQBoxtitle="Will the other Firebase components used by ACAP be affected?">
81
81
- No, this announcement only affects the <u>Firebase Storage</u>. Discontinued support of the Firebase standard (no-cost) pricing plan only affects the Firebase Storage.
82
-
- Other Firebase components used by ACAP - the <u>Firestore Database</u>, <u>Firebase Authentication</u>, and <u>Firebase Hosting</u> still retain their standard (no-cost) pricing plans until further announcements or changes by Google Firebase.
82
+
- Other Firebase components used and activated by ACAP - the <u>Firestore Database</u>, <u>Firebase Authentication</u>, and <u>Firebase Hosting</u> still retain their standard (no-cost) pricing plans until further announcements or changes by Google Firebase.
83
83
84
84
<Callout>
85
-
Subscribing to the Firebase Blaze Plan **will automatically enroll** all Firebase components to the pay-as-you-go Blaze plan, not just the Firebase Storage.
85
+
Subscribing to the Firebase Blaze Plan **will automatically enroll** all Firebase components/services to the pay-as-you-go Blaze plan, not just the Firebase Storage.
86
+
However, billing charges beyond the no-cost usage quotas <u>will only incur</u> on <u><b>manually activated</b></u> Firebase services.
86
87
</Callout>
87
88
</FAQBox>
88
89
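Review bot: The sentence added to the Callout, "billing charges beyond the no-cost usage quotas will only incur on manually activated Firebase services", never says what counts as "manually activated", and the hunk now uses "used and activated", "components/services" and "manually activated" for what reads as one idea. Readers will make billing decisions from this line, so name the action that activates a service once and reuse that wording in both the list item and the Callout. "will only incur on" should also read "will only be incurred on".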
@@ -117,7 +118,7 @@ _All Firebase components service usage (including those not used by ACAP) will o
117
118
118
119
- Firebase usage analytics are accessible at this URL with or without a subscription to the Firebase Blaze plan:
@@ -126,12 +127,12 @@ _All Firebase components service usage (including those not used by ACAP) will o
126
127
<Callouttype="warning">
127
128
ACAP expects usage only from the following Firebase services: **Firestore Database**, **Firebase Storage**, **Authentication**, and **Hosting**. [ACAP's Security guidelines](/security) only cover these four (4) Firebase components, aside from general web application security practices and know-how, e.g., stressing the need for data validation <sup>[[1]](/security/#database)[[2]](/directories/server)</sup>.
128
129
129
-
> Developers can useother Firebase components as deemed necessary when needed. However, since they are not included originally in the ACAP project Firebase components, developers should care about using them responsibly to avoid incurring Security issues and unexpected billing.
130
+
> Developers can <u><b>use</b></u> and <u><b>activate</b></u> other Firebase components as deemed necessary when needed. However, since they are not included originally in the ACAP project Firebase components, developers should care about using them responsibly to <u>avoid incurring security issues and unexpected billing</u>.
130
131
</Callout>
131
132
</FAQBox>
132
133
133
-
<FAQBoxtitle="Are there security considerations that I should be aware of?">
134
134
<divid="security-considerations" />
135
+
<FAQBoxtitle="Are there security considerations that I should be aware of?"color="text-red-700 dark:nx-text-red-200">
135
136
136
137
Yes. <u>Some of the latest core deliverables</u> implemented for ACAP in its [2.0](/changelog/#version-2-acap-20) version [**introduced security flaws**](/changelog#acap-2-security-debts) not present in the initial ([1.0](/changelog/#version-1-acap-10)) version, which had strictly followed [security guidelines](/security) and adhered to best practices in web development security, effectively preventing these issues. Based on the following criteria, the new security flaws introduced in version 2.0 resulted in a **60% reduction in the established security from version 1.0**.
137
138
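Review bot: The new color prop on the security FAQBox, "text-red-700 dark:nx-text-red-200", mixes an unprefixed class with an nx-prefixed one; check that both are actually generated by the docs stylesheet and use one prefix convention for the pair. The FAQBox opening tag also moves from before the security-considerations div to after it, so the anchor now sits outside the box; confirm that links to that anchor still land where intended. In the blockquote, "developers should care about using them responsibly" would read better as "should take care to use them responsibly".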
@@ -205,7 +206,7 @@ Key topics to discuss include:
205
206
<Callouttype="info">
206
207
ACAP's [Security measures and practices for Firebase](/security) only cover the Firebase components that it actively uses: **Firestore Database**, **Firebase Storage**, **Authentication**, and **Hosting**.
207
208
208
-
Developers are encouraged to learn more about responsible Security measures and practices for other Firebase components or services, should they feel the need to use [other Firebase services](https://firebase.google.com/products-build) (e.g., **Firebase ML**, **Cloud Functions**, **Extensions**, etc) for their ACAPs other than **four (4) main Firebase components** used by ACAP.
209
+
Developers are encouraged to learn more about responsible Security measures and practices for other Firebase components or services, should they feel the need to <u>use</u> and <u>activate</u>[other Firebase services](https://firebase.google.com/products-build) (e.g., **Firebase ML**, **Cloud Functions**, **Extensions**, etc) for their ACAPs other than **four (4) main Firebase components** used by ACAP.
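Review bot: The reworded sentence asks developers to learn security practices for services they "use and activate", but its only link is the product list at products-build, and nothing in it points back to the billing FAQ that explains why activation matters; a cross-reference to that FAQ would make the added wording useful. The sentence also still ends with "other than **four (4) main Firebase components** used by ACAP", which is missing "the" and repeats the list in the first line of the Callout. As rendered here there is no space between the closing u tag and "[other Firebase services]"; check the source line.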
docs/pages/changelog.mdx: 1 addition & 1 deletion
@@ -76,7 +76,7 @@ Version 2.0 and later versions may have new requirements that will thrive on new
76
76
77
77
> These issues, raised during the early 2.0 development phase (June 2024), have been communicated to the new main ACAP code Maintainer, who is also the new primary developer/programmer leading the creation and enhancement of new features for Version 2.0. The new code Maintainer has made thoughtful decisions for balancing development speed with feature delivery, reflecting their understanding of the project's scope and the perceived security needs. They are open to addressing these issues as time and priorities allow within the ACAP project timeline.
docs/pages/security.mdx: 3 additions & 2 deletions
@@ -33,7 +33,7 @@ Please ensure continued compliance with these security standards when extending
33
33
- (a) ACAP 1.0's Firestore Rules strictly prohibits **Database #1.a** and **Database #1.b** to enforce this.
34
34
- (b) If new requirements allow item **Database #1.a** to "directly" perform **CREATE/EDIT/DELETE** operations in Firestore collections or documents using the [Firestore Web API](https://firebase.google.com/docs/firestore/quickstart) or [Firestore REST APIs](https://firebase.google.com/docs/firestore/use-rest-api), please ensure that _**"new"**_ and robust [Firestore Rules](https://firebase.google.com/docs/firestore/security/get-started) are created and thoroughly tested. These Rules may need to be separate from ACAP <spanclassName="text-xl font-bold text-red-600">1.0</span>, which _"discourages this approach unless Firestore Rules can be properly enforced"_.
35
35
36
-
3. Ensure proper server-side validation when mutating data through the backend (NodeJS) REST APIs using **validation scripts** in _middleware_ or the _controller_ scripts.
36
+
3. Ensure proper server-side validation when mutating data through the backend (NodeJS) REST APIs using **validation scripts** in [_middleware_](/directories/server/#middleware) or the [_controller_](/directories/server/#controllers) scripts.
37
37
38
38
4. Firestore database security relies on properly tested Firestore Rules to ensure security, especially if its rules do not disable all **VIEW/CREATE/EDIT/DELETE** operations.
39
39
- Please ensure that "new" and robust Firestore Rules are created and thoroughly tested, in case new database components or requirements need to be added to the ACAP 1.0 Firestore database.
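Review bot: Item 3 now links to /directories/server/#middleware and /directories/server/#controllers, but nothing visible in this commit touches that page, so confirm both heading anchors exist there before merging. The link style is also mixed across the docs touched here ("/changelog#acap-2-security-debts" without a slash before the fragment, "/directories/server/#middleware" with one); pick one form. The wording "in middleware or the controller scripts" leaves open which layer is responsible for validation; if one of them is the required place, say so in this item.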
@@ -63,7 +63,8 @@ Manually test and ensure, using the Firebase Storage Web APIs, that: