Reputation: 1180
Security Rules in Firestore after 30 days
I have been working on a project in firestore, As I was starting I selected the Test mode for firestore that apparently gives you a 30 day "trial", after that I have to change security stuff, but I have programmed all the gather data and other functions inside my firestore already. If I add a line of code to the security part will I get of these 30 days "trial"?
I went to change the security rules so I don't lose my database, The normal rules are:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// This rule allows anyone on the internet to view, edit, and delete
// all data in your Firestore database. It is useful for getting
// started, but it is configured to expire after 30 days because it
// leaves your app open to attackers. At that time, all client
// requests to your Firestore database will be denied.
//
// Make sure to write security rules for your app before that time, or else
// your app will lose access to your Firestore database
match /{document=**} {
allow read, write: if request.time < timestamp.date(2020, 6, 2);
}
}
}
If I add this rule to this, will I not lose the firestore stuff that I have?
match /users/{uid} {
allow read;
allow write: if request.auth.uid == uid;
}
This is how the final code looks:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// This rule allows anyone on the internet to view, edit, and delete
// all data in your Firestore database. It is useful for getting
// started, but it is configured to expire after 30 days because it
// leaves your app open to attackers. At that time, all client
// requests to your Firestore database will be denied.
//
// Make sure to write security rules for your app before that time, or else
// your app will lose access to your Firestore database
match /{document=**} {
allow read, write: if request.time < timestamp.date(2020, 6, 2);
}
match /users/{uid} {
allow read;
allow write: if request.auth.uid == uid;
}
}
}
Upvotes: 2
Views: 2657
Answers (1)
Reputation: 317372
If your goal is to extend your "trial" (which it is not, really - it's a reminder that you really should come up with proper rules), then all you have to do is extend the date that been coded into the rule you've been given.
If you don't remove that original rule completely and come up with proper rules, you will continue to get emails from Firebase reminding you that you have a significant security problem with your rules. If you just add rules to it, that won't improve the situation, since the rule is effectively giving the world full access to everything else, no matter what. You will eventually need to remove the rule and replace it with something that accurately describes the security requirements of your system.
Upvotes: 4
Related Questions
- Struggling Firestore rules
- Firestore Rules
- Update document at least after a day Firestore rules
- Firestore Security Rules: hasOnly not working?
- Firebase firestore timestamp based security rules
- truthiness in firestore security rules
- Firebase firestore security rules not working
- Firestore security rules: update document security rule
- problems with firestore security rules
- Firestore security rule not working