This is the one big thing that really needed to happen to Firebase to get it ready for the world and having worked with these guys a bit, I know it was a difficult problem to solve. I think the solution they came up with is actually pretty novel and exhibits the qualities I strive for these days:<p>1) It's as declarative of an approach as it can be without sacrificing flexibility.<p>2) It follows the structure of your data and is itself a datastructure that can be trivially manipulated.<p>3) It centralizes a concern. Security measures often end up spread all over the place, making it very difficult to reason about what is or is not correctly handled. Not so with this model.<p>I'm excited to see what people do with Firebase now that the one thing that was really holding it back has a solution. I know from my standpoint, it's certainly nice to have someone else dealing with the nightmares of real-time scaling and security so that I don't have to.
We've been using Firebase now for about 6 months to power Roll20[1], it's allowed us to grow from 100 to 1,000 concurrents without having to make any changes to our code or even think about handling the additional scale. That's incredibly valuable to us, since it frees us up to focus on creating features and helping customers, not worry about keeping yet another server from crashing. Andrew, Michael, and James have always been available to answer questions, and it's been a pleasure to watch Firebase grow. The new security API is just the icing on the cake for us since it will allow us to further fine-tune what different participants have the ability to do in our games.<p>I highly recommend it if you're looking at creating a real-time app!<p>[1] <a href="http://roll20.net" rel="nofollow">http://roll20.net</a>
This is really great work, guys. We've been using Firebase for a while now. The uptime, low-latency, and consistency have been impressive. A good security framework was really our last hurdle. We're digging in to the new security features and pretty happy so far. Another good resource (in addition to the blogpost above) is the quick start page. [1]<p>Also, one side note: it's not always clear from reading the docs, but changes to the security rules can be made dynamically and take immediate effect.<p>[1] <a href="https://www.firebase.com/docs/security-quickstart.html" rel="nofollow">https://www.firebase.com/docs/security-quickstart.html</a>
Has this been pentested or audited by a security firm?<p>I think this is awesome and I am glad you have it working. I'll be seriously considering Firebase for future projects.
I have a beta acccount and was waiting for this until I started playing around with it. Thanks! I'm pretty excited about building something on top of this platform.<p>The Scratchpad.io tool that has been on HN for the last couple of days has really blown me away with what Firebase is capable of. Keep up the good work guys!
I especially like Firebase tutorials and docs. After finishing tutorial on Firebase first launch I immediately knew where and how can I use Firebase in the future. When the time came we used it for real-time worker/web-app communication at <a href="http://dubjoy.com/" rel="nofollow">http://dubjoy.com/</a> and it worked like a charm. I still don't know how to use web sockets and I hope I never will :) While working with Firebase we needed some ACL-like security features and Firebase delivered again. Amazing.
Congrats guys! This is seriously impressive; I'm really excited to finally be able to put out some production code with Firebase.<p>As an aside, the model you guys ended up with is fairly similar to the one I proposed back in April: <a href="http://news.ycombinator.com/item?id=3864430" rel="nofollow">http://news.ycombinator.com/item?id=3864430</a>
I like having the flexibility of being able to use Firebase's servers or my own, makes it easy to use for completely client-side apps, or alternatively you can throw it on top of a server-side application. Great work guys!
Very interesting. How are rules updated dynamically? Take a Flickr picture for example. I start it as public, then later decide I want to make it friends & family. How does the client side securely update those rules?
This is a great update and really opens it up for a hackathon project that I wanted to extend after the event, but the security issues had meant that it was better to wait until now.<p>Well done James T. and the rest of the Firebase team.