Reputation: 2617
I would like anonymous users to be able to send data to Firebase but not to delete or overwrite it.
This is what I have been using lately:
My database rules:
{
"rules": {
".read": false,
".write": true
}
}
My javascript snippet:
firebase.initializeApp({
apiKey: "asdasd",
databaseURL: "asdasd.firebaseio.com/"
});
var id = Math.random().toString(36).substr(2, 9);
var userData = 'hello';
var sendData = firebase.database().ref("data/" + id + "/").update({userData});
sendData.then(function() { console.log("data sent!") })
The obvious problem is that I am exposing my apiKey in the script and anyone could overwrite or delete the data. Is there any practical solution?
Upvotes: 0
Views: 152
Reputation: 230
Hey i think you should do like this
reference= FirebaseDatabase.getInstance().getReference("announcement");
AbsAnnouncementmodel absAnnouncementmodel=new AbsAnnouncementmodel(receiver,announcement);
reference.push().setValue(absAnnouncementmodel);
here reference related with DatabaseRefence
Upvotes: 0
Reputation: 598740
To only allow users to write new data and not change existing data, you can do this in your rules:
{
"rules": {
".read": false,
".write": "!data.exists()"
}
}
Also see the Firebase documentation on existing vs new data.
I'd recommend using Firebase's built-in push()
method for generating the keys, since that adds some predictability to your randomizer without sacrificing the key's unguessability:
firebase.database().ref("data")
.push({userData})
.then(function() { console.log("data sent!") });
Upvotes: 2