Home > Back-end >  Your Realtime Database has insecure rules
Your Realtime Database has insecure rules

Time:11-09

I'm new to React native. In my application, when the user opens the application, words in 2 languages appear on the screen. These words come from the firebase database. The application cannot be entered with a user name and password. As the application is entered, words from the database are displayed on the screen and the user can change the words by pressing the forward or back button. An email came from firebase. It says that the database is not secure and anyone can read the data in the database. Since there is no user name and password in the application, I do not add anything to the database rules. How can I secure the database in such a case?

Database rules:

{
  "rules": {
    ".read": true,
    ".write": false
  }
}
<iframe name="sif1" sandbox="allow-forms allow-modals allow-scripts" frameborder="0"></iframe>

CodePudding user response:

You can set firestore to accept only signed in users, you can implement that without asking the user using anonymous signe in feature provider by firebase auth check the docs: https://rnfirebase.io/auth/usage#anonymous-sign-in.

After you configure rules to something like this:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
        // Allow read/update, create access on all documents to any user signed in to the application
        allow read, update, create: if request.auth != null;
        // Deny access to delete
          allow delete: if false;
    }
  }
}

I used this in my app, I don allow deleting.

  • Related