Firebase - security rule settings

Hello everybody!
My questions may seem stupid - but I’m just starting to understand the development, so I hope for your understanding and support.

For my application to work, I created a firebase base. After that, I connected the authorization extension to it (currently I use email authorization, but later plan to use SMS authorization).

In the control panel of the firebase, a notification began to appear that within the next two days all client requests to the database will begin to be rejected. This will continue until I establish secure rules for accessing the database.

Can you tell me what security rules I should use, given that only I access the database (from the control panel), and users are added only in the authorization module?
Those. in fact, I only need firebase for the authorization module to work, I store and process all the data elsewhere.

1 Like

hi @lavrynenko the simplest would be this:

1 Like

When you start a new project in Firebase, the system will automatically insert a rule to allow access for one month. Delete that entry from the database rules and you should be fine.

1 Like

Thanks! I configured the Firebase as you recommended - hopefully this helps.

Most likely I did something wrong, so I ask you to clarify how exactly this rule should be removed. I removed the entire text from the list of rules, but the system issued a notification: Error saving rules - No data supplied.

Now I have established the following rules (as advised by respected @danibarzo16i718):

ok @lavrynenko , now is working fine?

1 Like

Currently everything is working fine, but I want to wait another day or two to be sure :slight_smile:

1 Like

When you first create a project Firebase will ask you to choose between Locked Mode and Test Mode.

If you choose the Locked Mode you will get similar rules as suggested by @danibarzo16i718 which are the basic mode that requires authentication to use the database.

If you choose the Test Mode you will have rules like this

  "rules": {
    ".read": "now < 1632517200000",  // 2021-9-25
    ".write": "now < 1632517200000",  // 2021-9-25

Which basically gives you access for one month. I update the number to have the access allowed for ONE year.

The problem with the Locked Mode is that you cannot try new apps with it unless you use the Sign In component in the app otherwise you cannot test it which, for me, sometimes it is over complication. So I have my test database that is open and I can quickly create any application and write to the database and when I want to give to the user, I change from test DB to production DB which they have to login.

This is just an explanation to understand why it is made this way.

1 Like

Thanks for your explanation.
Do I understand correctly that:

  1. Is the date in Unix format?
  2. If I create a date in Unix format, which will be two or three years away from the current date, for example, and enter this date into the rules, will this method work?
1 Like

The question is caused by the fact that I have just received another reminder that the database will be blocked for access. Yesterday I applied the rules suggested by 3454 - but I’m not sure whether these rules have not been applied yet (according to the conditions - they take 24 hours to apply, if I remember correctly), or - I messed up something in the rules. So I’m looking for a further way out of the situation in order to leave the base open.

1 Like

Yes, you are correct in the issue of date representation. The access rules update immediately once you save the rules.

In my case, I add a year in the Unix date given. Remember, each day is 86,400 seconds or 86,400,000 milliseconds. Multiply it by 365 to get the number required to add it to the existing number so that your Firebase access will remain active for another year.

Remember that every function in the Firebase system has its own rules so you can set a specific rule for Realtime DB and a completely different rule for FireStore DB.

1 Like