Security Issue on Firebase

Question

on sample android application to access database Firebase (https://www.firebase.com/docs/android/quickstart.html), we just need to write

Firebase myFirebaseRef = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com/");

The problem is, if someone know my firebase url "https://.firebaseio.com/", they will be able to manipulate my data from their application. How to secure connect to Firebase? like a facebook or Google Api give us APP-Key or Secret. -Thank You

score 3 · Answer 1 · answered Jan 04 '16 at 15:11

Step 7 in the quickstart you linked:

Secure Your Data

Use our powerful expression-based Security and Firebase Rules to control access to your data and validate input:

{
  ".read": true,
  ".write": "auth.uid === 'admin'",
  ".validate": "newData.isString() && newData.val().length < 500"
}

Firebase enforces your Security and Firebase Rules consistently whenever data is accessed. The rules language is designed to be both powerful and flexible, so that you can maintain fine-grained control over your application's data.

but if want to give access to all users of my application than? I just want to protect my data from other application. — Jignesh Ansodariya, Sep 13 '16 at 05:06

score 2 · Answer 2 · answered Jan 04 '16 at 08:38

2

Firebase security is not based on API keys/secret but in permission rules. Check this out.

answered Jan 04 '16 at 08:38

Héctor

24,444
35
132
243

Jukka Puranen · Answer 3 · 2016-01-04T08:52:42.363

2

So if you want to make everything only writable you add the following security rule:

{ "rules": { ".read": false, ".write": true } }

And it is also worth noting that these rules will cascade to all child nodes and you cannot override them in child nodes except for validation rules.

edited Jan 04 '16 at 08:52

answered Jan 04 '16 at 08:45

Jukka Puranen

8,026
6
27
25

Security Issue on Firebase

3 Answers3

Secure Your Data

Linked