Reputation: 2280
Understanding the need for Firebase Security rules
I understand the principle and the need for security rules, and I am intending to write them as required.
My questions is in the instance that I forgot/missed to put a rule in for a particular branch in the JSON tree. how will a user/anyone know the paths of my JSON tree to go go malicious adds/removes in the JSON tree?
In my example, I have an iOS app that has the UI, numerous viewControllers, that do all the add/remove of any info/objects to the Firebase backend. How would an end user even know how to manipulate the paths in my Firebase backend when they are not exposed to my Firebase structure?
Upvotes: 0
Views: 63
Answers (1)
Reputation: 8584
For iOS apps security isn't as big of a deal, but if someone managed to get a hold of your source code or your firebase's configuration information then they'd be able to set up a dummy project hooked up to your database and be able to manipulate your unsecured branches. For non-iOS apps security is very important as it's pretty straight forward to acquire a firebase's config info.
Upvotes: 0
Related Questions
- Importance of security rules in firebase
- Why should we use Firebase security rules?
- Firebase Real-time DB Security Rules
- Understanding Basic Firebase Security Rules on Firebase
- I am confused about Firebase Rules
- When are Firebase Security Rules needed for database?
- Having Confusion in Firebase Rules for my App
- Firebase rules & security
- Firebase Database Rules
- Firebase Rules Confusion