Firebase rules not clear

I have an app where i allow read and write the firebse db. Hoever it is insecure i am told.
I have no users that login. Only the app is accessing the db and updates db acc to any users activity. How can iset the fb rules to be more secure ?
I find fb information is poor in explain how i can set it up. Any ideas…???

What are your current rules and what is the message you’re getting about insecure rules?

Have you tried using #3 here? 10 Firebase Realtime Database Rule Templates | by Julio Marín | Medium

Are you storing unique data for each user? Is there a reason you’re not having users login?

1 Like

The current rules are set:
“rules”: {
“.read”: true,
“.write”: true

With this the DB is updates as long as someone is using the app (this is for pure statistics.
In other words i am not interested what each individual is doing. Only how much it is played each day.
because of thjis i need to have “write” set to “true”

Now, this is then unsecure - So how can i set that to “write” is OK by the app when used.

In other word - i am not storing data at all - on a user level. And at this stage i do not want to have a user login…

1 Like

This means that your DB is open to public.

I would suggest to have a user with an email and password and once your app starts login to the database using this email and password. Change the rules to allow read and write only to authenticated users.

This should make your DB secured or at least in a better security position.

1 Like