How to Restrict Read and Write to specific Firebase Node

Question

I have below Firebase Database Structure. I am not authenticating user with firebase.Using Mysql for user Authentication.I want to secure my entire Firebase database allowing reading and writing to Driver books and pos node only. user or someone can not create new node or download database and only can read and write if he knows the specified node name only.

This is what I have tried so far

{
"rules": {


  "Driver_xgfururi": {
    ".write": true,
    ".read": true
  },

  "books_xgfururi": {
    ".write": true,
    ".read": true
  },


  "pos_xgfururi": {
    ".write": true,
    ".read": true
  },

  "req_xgfururi": {
    ".write": true,
    ".read": true
  }

 }
}

is it possible for any hacker findout above node if it is not shared ? and can someone read-write without knowing above node?

Answer 1

The Firebase Realtime Database is usually accessed directly from the client-side application. In that case it can only be secured with Firebase's server-side security rules. And the only knowledge in those rules about the user of the application, is if that use is signed in with Firebase Authentication.

If you have another sign-in mechanism already, you will have to pass that information securely to Firebase Authentication, which will then in turn pass it into the security rules for database calls. You can do this by minting a custom token based on the authentication result you have (on your server), and then passing that token to the client, which can use it to sign in to Firebase Authentication.