Home > Software design >  Firebase database expiring - changing rules
Firebase database expiring - changing rules

Time:05-05

My database has due to expire in two days because of rules security. I changed the default test rules yesterday, it is possible that they have not yet been noted, but to make sure they are sufficient to keep my database from expiring, I am asking you about it. Are these rules ok? Is it all to prevent the database from expiring?

Firestore database -> Cloud Firestore rules:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if
          request.auth.uid != null;
        
    }
  }
}

Realtime Database rules:

{
  "rules": {
    "Users": {
        "$uid": {
            ".read": "$uid === auth.uid && auth != null",  
            ".write": "$uid === auth.uid && auth != null",  
        }
    }
  }
}

CodePudding user response:

The rules you show don't have an expiration date, so data access won't change based on the date anymore. Whether they're "OK" is a different matter though.

The Realtime Database rules you show give each user access to only their own data, which is a common practice and shown in the Firebase documentation on content-owner only access.

The rules you're showing for Firestore though, give access to anyone who successfully called the Firebase API to sign in, which is a much less strict requirement. If you use Firestore, I recommend also tightening the security there. And if you don't use Firestore, I recommend turning all access off with allow read, write: if false;

  • Related