Firebase good practices

hi

in my application which allows to control who frequents the library I associate the name of the user and the link which points to his photo is this harmful ?

Is this harmfull in what way?

hi

could someone not modify the names or the photos even by game?
i use these rules

Are these rules for real time database, firestore?

Setting up Firebase rules can be a bit confusing at times.

Anything in terms or chapters only requires a user to be authenticated but in the user bucket, the current users is must match the bucket key they are trying to read/write to.

I like to store info under private keys in a users bucket like this


1 Like

Hi

This rules are for realtime database

1 Like

Hi

I agree with you except that connected is not my user bucket it’s the place where I store the temporary info of people who are temporarily in the reading room

Are they required to read from it? If yes put something like read: auth != null and remove the write ability. Thus your users wont be able to write to the DB only read from it

hi

yes they are obliged to read and I would follow your recommendation delete the writing as if it were the user bucket

1 Like

hi

I don’t know where I was thinking in fact everyone can read the data and each user must be able to “delete his presence” in the reading room

I hope to find more appropriate rules

thanks for your support