I am new in Development. I have a very basic Question but I tried to find it on google and did not understand. My question is that.
In firebase Google said that the meaning of:
{
“rules”: {
“.read”: true,
“.write”: true
}
}
is that anyone can interrupt in this type of security rules, even a person who doesn't use your app. I got it. Now, If I want to make a chat app or a small social app then what kind of security rule should I use?
Is this rule is enough to make my app secure? that I post below:
{
"rules": {
".read": "auth != null",
".write": "auth != null",
}
My app Goal is to authenticate a user through Firebase Authentication before using my app, My app will have chat option and simple Question posting option. Hope I clear it up. IDE is Android Studio with Flutter, Dart as language.
CodePudding user response:
To make your data secure, your rules should allow exactly what your code uses and nothing more. It is unlikely that your code read the entire database for every signed in user, so you can probably change these rules to restrict access more without losing any functionality in your app.
Writing security rules is a pretty big topic though, and we've already covered part of it quite a few times here, so I recommend checking out the answers to: