-2

I am using firebase for my android app and using anonymous authentication. Now anyone can see the url by monitoring the requests or reverse engineering the app. And then make his own app with my firebase url and use use anonymous authentication. So how to prevent this?

I am using anonymous authentication so that nobody can use the rest endpoints.
I have read the below post but i don't understand how to prevent this.
How to prevent other access to my firebase

My writes are authenticated with email + password.
My reads are authenticated by anonymous authentication.

Community
  • 1
  • 1
Shreyans jain
  • 559
  • 6
  • 18

1 Answers1

2

You cannot prevent other people from seeing your Firebase url. Firebase provides you with a cool dashboard from where you can block non-authorized people from fetching your database information. Make sure you have the following code under your "Security & Rules" tab:

{
"rules": {
   // only authenticated users can read or write to my Firebase
   ".read": "auth !== null",
   ".write": "auth !== null"
   }
}
andreasonny83
  • 1,213
  • 11
  • 19
  • i have already done this. and i am not using javascript , i am making android app! – Shreyans jain Jan 27 '16 at 08:49
  • 1
    Even if your writing your code inside your app, other people can still inspect the url of the request where your Firebase database is located. You cannot mask that url but you can secure your data in it. – andreasonny83 Jan 27 '16 at 08:51
  • Just remove or correct your answer to just no, so that others can see the question as unaswered. – Shreyans jain Jan 27 '16 at 08:53
  • 2
    @shreyansjain , the very first sentence of my answer already mention: "You cannot prevent other people from seeing your Firebase url." – andreasonny83 Jan 27 '16 at 08:58
  • Correct your answer in context of javascript and remove the rules thing, i have already done that. – Shreyans jain Jan 27 '16 at 09:00