Firebase: be careful to properly secure your data!

We all love firebase, and for a lot of applications the data stored in firebase will not be that critical. However, if you plan to store personal or confidential data in firebase, please think about your users and make sure to pay a lot of attention to properly securing your data, to avoid ending up in reports like this:

Report on firebase breaches

regards Rob

Thanks for this reminder @Rob_Schoemaker!

How do we properly secure the firebase data if the app is to allow read and write by all users of the app? What are the firebase rules we need to set and how do we authenticate users and allow them access to their own nodes only?

General:

https://firebase.google.com/docs/database/security/

Only allowing users to access their own nodes:
https://firebase.google.com/docs/database/security/user-security

The link is labeled as dangerous for the pc, isn’t it ironic?

I’d like to have cellphone-number-only authentication in my app. I can do the SMS verification through an external service, but I don’t know if I can have the firebase data security if the user doesn’t register to firebase with an email. Any suggestion or explanation about it?

Thx

Hey Rob, Really having trouble getting the firebase rules to work. If I set read write to true, the app below works. But if I change the firebase rules to the suggested read/write access, I can’t get it to work. If you have any advice, it would be really really appreciated. I’ve watched, and read so many tutorials. Thank you so much if you have any suggestions. John
https://x.thunkable.com/copy/d402369a4eb5e9a929f719e08410115a

rules in firebase:
{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      }
    }
  }
}
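
An added example, not part of the thread and not Firebase's own code: a simplified JavaScript model of how Realtime Database rules like the ones posted above are evaluated, showing which requests they grant and which they deny. It models only `.read`/`.write`, `$` wildcards and the `auth` variable; the uids `alice` and `bob` and the paths are constructed.

```javascript
// Simplified model of Realtime Database rule evaluation (assumption: only
// .read/.write, $wildcards and the `auth` variable are modelled).
const rules = {
  rules: {
    users: {
      $uid: {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid",
      },
    },
  },
};

// Evaluate one rule expression with `auth` and the captured $variables in scope.
// new Function is acceptable here only because the rules are our own literal.
function evalRule(expr, auth, vars) {
  const names = Object.keys(vars);
  const fn = new Function("auth", ...names, `return (${expr});`);
  return fn(auth, ...names.map((n) => vars[n])) === true;
}

// op is ".read" or ".write"; path looks like "/users/alice/name".
// Access is granted as soon as any rule on the way down evaluates to true
// (grants cascade to children); if none does, the default is deny.
function isAllowed(ruleset, op, path, auth) {
  let node = ruleset.rules;
  const vars = {};
  if (typeof node[op] === "string" && evalRule(node[op], auth, vars)) return true;
  for (const seg of path.split("/").filter(Boolean)) {
    const wildcard = Object.keys(node).find((k) => k.startsWith("$"));
    if (!/^[.$]/.test(seg) && Object.prototype.hasOwnProperty.call(node, seg)) {
      node = node[seg]; // literal child rule
    } else if (wildcard) {
      vars[wildcard] = seg; // e.g. $uid = "alice"
      node = node[wildcard];
    } else {
      return false; // no rules defined below this point
    }
    if (typeof node[op] === "string" && evalRule(node[op], auth, vars)) return true;
  }
  return false;
}

const alice = { uid: "alice" }; // constructed signed-in user
console.log(isAllowed(rules, ".read", "/users/alice/name", alice)); // own node
console.log(isAllowed(rules, ".write", "/users/bob", alice)); // someone else's node
console.log(isAllowed(rules, ".read", "/users/alice", null)); // not signed in
console.log(isAllowed(rules, ".read", "/users", alice)); // parent list
console.log(isAllowed(rules, ".read", "/messages", alice)); // path with no rule
```

Only the first call is granted: with these rules a request succeeds only when the client is signed in with Firebase Authentication and addresses a path under `/users/<its own uid>`.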

Check this post:

Firebase security rules can be very, very hard to understand. Read a lot and then keep reading.