Reputation: 811
Firebase Database Security
I'm new to Firebase database so I have a questions concerning the database.
My database rules so far is public like this:
"rules": {
".read": "auth == null",
".write": "auth != null"
}
I want the access to my database info (read and write) to be only for my application. I want to make my firebase to only allow read and write instructions if the appID or BundleIdentifier or something that identifies that it is my app who's trying to operate.
Is it possible? I don't want to use Firebase user authentication. With the configurations I have so far is it possible for anyone in the world to access my database?
Upvotes: 0
Views: 135
Answers (1)
Reputation: 317798
It's not possible to use the app's ID with Realtime Database security rules. The list of properties you can use in rules is documented here.
Also, if you want to allow full read access to your database, consider also saying this:
"rules": {
".read": true
}
What you have now ".read": "auth == null", only allows read access if you are not authenticated. Authenticated users would not be able to read, which doesn't sound helpful.
Upvotes: 2
Related Questions
- Secure Firebase Rules
- Firebase authorization and security model
- Firebase Storage Security?
- Firebase Real-time DB Security Rules
- Firebase realtime database security rules
- Firebase Realtime Database Security Rules protect user datas
- Firebase database security rules
- Firebase rules & security
- Firebase DB data security
- Keeping firebase data secure