Reputation: 1672
I understand that having security is on the top of our "TO-DO" list, we all need it and want it. But I don't understand what could happen if I don't use security rules in my Firebase database.
Currently, I'm developing an app and the way I did it, I haven't implemented security rules to work with the app, so .read and .write are just set to true. The user has to log in through Facebook though to be able to send requests.
I have tried to implement the security rules to work with the app, but I have some bugs, so does it really bother if it stays that way? Is there any way someone could send a "bad" request? What are the risks?
Upvotes: 0
Views: 226
Reputation: 23
Your Firebase Rules generally help you take care of server-side security and ensure your data is secure and your database is protected from malicious users. So authenticating a user does not in any way help protect your database. So if you don't have rules in place you could lose all your data. An authenticated user can simply use a single line of code, "ref.remove()", and voilà, all the data in your database is gone, so easy. So please always ensure you write security rules to make your Firebase database secure.
Upvotes: 0
Reputation: 598728
In addition to Mathew's answer you'll also want to think about abuse to your database.
Any user who knows the URL of your database can:
- write any data to your database. So by dumping data, they could push your database over its quota and make your app unusable for your actual users.
- use your database for their own uses. They'd be eating up your bandwidth quota. Once your quota has been consumed, your app may become unusable for your actual users.
The above apply to the Spark and Flame plans. If your project is on a metered plan, malicious users can drive up your usage and thus your bill.
Upvotes: 1
Reputation: 28750
With write set to true anybody who finds your app URL could delete your whole database. They could change whatever they want. Android, iOS or websites, nothing is safe as they will be able to find the URL easily.
Upvotes: 3
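As an added example (not code from any of the posts above), this small audit walks a Realtime Database rules file and reports every path whose .read or .write is open to anyone with the URL or to any signed-in user, the two cases the answers describe. Both rule sets are constructed samples, and the /users/$uid layout in the second one is an assumed data model.

```python
import json

# Constructed sample: the configuration described in the question.
OPEN_RULES = json.loads('{"rules": {".read": true, ".write": true}}')

# Constructed sample: each user may only touch their own node under a
# hypothetical /users/$uid path; writes are shape- and size-checked.
OWNER_RULES = json.loads("""
{"rules": {
  "users": {"$uid": {
    ".read":  "auth != null && auth.uid === $uid",
    ".write": "auth != null && auth.uid === $uid",
    "name": {".validate": "newData.isString() && newData.val().length <= 100"},
    "$other": {".validate": false}
  }}
}}
""")

def audit(node, path="", granted=None):
    """Flag .read/.write rules that are literally true or only require sign-in.

    Realtime Database rules cascade: a grant at a parent path cannot be
    revoked lower down, so an operation already flagged is not reported
    again for the paths beneath it.
    """
    granted = granted or set()
    findings = []
    for op in (".read", ".write"):
        if op in granted or op not in node:
            continue
        expr = node[op]
        text = expr.replace(" ", "") if isinstance(expr, str) else ""
        if expr is True or text == "true":
            findings.append((path or "/", op, "open to anyone with the URL"))
        elif text in ("auth!=null", "auth!==null"):
            findings.append((path or "/", op, "any signed-in user"))
        else:
            continue
        granted = granted | {op}
    for key, child in node.items():
        if isinstance(child, dict):
            findings += audit(child, f"{path}/{key}", granted)
    return findings

if __name__ == "__main__":
    for name, rules in (("open", OPEN_RULES), ("owner-only", OWNER_RULES)):
        print(name, audit(rules["rules"]) or "no broad grants")
```

The check is purely textual, so it catches only the two broad patterns above; a rule that is permissive in some other way still needs review in the Firebase rules simulator.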