I am a novice using Firebase for first time and received an email regarding my information in database is completely open in internet and vulnerable to attackers and need to write a rule. But the rule I have published is not what I am after. I am after a strong Security Rules that allow my app to function while appropriately protecting my data. Any advice and preferably a code to copy paste to rules is highly appreciated.
I am a novice coder and have no idea how to write Common Expression Language (CEL) code. I read how to write the rules and copy pasted a sample rule and published.
You can start simple in the beginning for example to lock user to write or read or both only when they are logged. It should look like something like this:
More advance is if you have store UID in firebase then you can lock the user only to view documents which they created, should look something like this:
You can check more options both beginner and advance rules here: https://firebase.google.com/docs/rules/basics