miniskulljob

Reputation: 28

Firestore rules good practices

Right now I'm writing the rules for a Firestore database, allowing reads only to anonymous and registered users, because I don't know if it is a good idea to leave the database open for everyone to read by any means (like curl).

Do you think it's OK to leave it open to read, or should I continue to use anonymous and registered rules?

BTW, this is only about read operations; write operations are secured, and some collections are off limits even to every registered user.

Upvotes: 0

Views: 427

Answers (1)

Sam Stern

Reputation: 25134

Your instinct is correct: it's almost never a good idea to leave your database completely open even for read-only operations. Cloud Firestore charges per document read, so if your database is open to the whole internet someone could (on purpose or not) run up a bill by just attempting to read your entire database over and over.

Upvotes: 1
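
The open read rule next to the authenticated read rule discussed above, as an added example that is not part of the original question or answer. The collection names `articles` and `internal`, the limit of 50, and the placeholder write rule are assumptions made for illustration.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Hypothetical collection name, used for illustration only.
    match /articles/{articleId} {
      // Open variant (what the answer advises against): any client,
      // including an unauthenticated curl request, may read, and every
      // document read is billed.
      // allow read: if true;

      // Restricted variant: only signed-in users may fetch a document.
      // Users signed in through Anonymous Authentication also carry a
      // request.auth token, so this covers both "anonymous" and
      // "registered" users as described in the question.
      allow get: if request.auth != null;

      // Assumption: list queries must request at most 50 documents
      // (constructed value), which bounds the reads billed per query.
      allow list: if request.auth != null && request.query.limit <= 50;

      // Placeholder: the question's actual write rules are not shown.
      allow write: if false;
    }

    // Hypothetical collection that is off limits to every client,
    // including registered users.
    match /internal/{docId} {
      allow read, write: if false;
    }
  }
}
```

Requiring `request.auth` ties each read to a Firebase Authentication session instead of accepting requests from any client.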
