Reputation: 783
Firebase Securing Nodes in the Database
I use Firebase. Here is what one of my nodes looks like:
--Users
----RandomUID1
----RandomUID2
----RandomUID3
For Rules, this is what I have:
--"users" : {
----".read": "auth != null && !root.child('blockedUsers').hasChild(auth.uid)",
----".write": "auth != null && !root.child('blockedUsers').hasChild(auth.uid)"
--}
What I would like is for reading from the users node to stay the same, but I would like for writing to only be allowed on children of the users node. The reason for this is it would be catastrophic if I accidentally wrote code one night that deleted the entire users node. Is it possible to make a rule so that writing on the node itself is not allowed but writing to child nodes is allowed?
Is there a way to secure myself from such an accident that might occur because of human error?
Upvotes: 0
Views: 46
Answers (1)
Reputation: 467
You can use variables, Firebase variable rules
.At the users node i didn't add a write rule, which doesn't allow for data modification.
"users":{
".read": "auth != null && !root.child('blockedUsers').hasChild(auth.uid)",
"$uid": { //where $uid is child
".read": "auth!==null && auth.uid == $uid",
".write": ""auth!==null && auth.uid === $uid"
}
}
Upvotes: 2
Related Questions
- Secure Firebase Rules
- Firebase authorization and security model
- Securing Firebase Realtime Database while keeping optimisations
- Firebase Database Security
- How to protect a Firebase Node depending on sibling Node?
- Firebase Security Rules For A Node with Multiple Children
- Data Structure for Secured Nodes?
- Firebase security child node
- Keeping firebase data secure
- Firebase Database Rules private nodes