Security about creating user by Cloud Functions for Firebase

Question

There are many discussions about creating a user without sign the user in using Firebase Web SDK. I created a Cloud Function and used Admin SDK to create a user:

exports.createUser = functions.https.onRequest((request, response) => {
  const param = request.body

  admin.auth().createUser({
    email: param.email,
    emailVerified: false,
    password: param.password,
  })
})

But in my angular2 app, I have to use HTTP to POST the email and password to Cloud Functions for Firebase. Is it safe to do this without encrypting the password?

is password saved encrypted? – Oliver D Nov 25 '19 at 15:50 — Oliver D, Nov 25 '19 at 15:50

score 5 · Accepted Answer · answered Apr 20 '17 at 17:59

5

Yes, this is safe. All Cloud Functions are served on https URLs which means that the contents are encrypted in transit. Do make sure that you are sending the request to https://us-central1-<your_project>.cloudfunctions.net and not http.

answered Apr 20 '17 at 17:59

Michael Bleigh

25,334
2
79
85

Security about creating user by Cloud Functions for Firebase

1 Answers1