TechQA.

writing Firebase rules

51 views Asked by At

I am a novice using Firebase for first time and received an email regarding my information in database is completely open in internet and vulnerable to attackers and need to write a rule. But the rule I have published is not what I am after. I am after a strong Security Rules that allow my app to function while appropriately protecting my data. Any advice and preferably a code to copy paste to rules is highly appreciated.

I am a novice coder and have no idea how to write Common Expression Language (CEL) code. I read how to write the rules and copy pasted a sample rule and published.

firebase common-expression-language
Original Q&A
1

There are 1 answers

0
Milen Minchev On

You can start simple in the beginning for example to lock user to write or read or both only when they are logged. It should look like something like this:

 service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth != null;
     }
   }
 }

More advance is if you have store UID in firebase then you can lock the user only to view documents which they created, should look something like this:

service cloud.firestore {
  match /databases/{database}/documents {
    // Allow only authenticated content owners access
    match /some_collection/{userId}/{documents=**} {
      allow read, write: if request.auth != null && request.auth.uid == userId
    }
  }
}

You can check more options both beginner and advance rules here: https://firebase.google.com/docs/rules/basics

Related Questions in FIREBASE

Related Questions in COMMON-EXPRESSION-LANGUAGE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions