1

My web app is using Firebase as database, and is going to live soon. Everything is awesome, just one thing I'm aware that my public database can be read by another site without any protection.

For example, my database have a public data set is posts and can read via Anonymous login. Of course all posts are public, people can get them all with several technologies such as crawling, but read directly from Firebase database causing me uncomfortable.

I've read some articles and answered question on SO, for example How to prevent other access to my firebase and feel better a bit.

But for client-only application, there is no other solution to protect firebase public data from reading directly ?

Community
  • 1
  • 1
yeuem1vannam
  • 957
  • 1
  • 7
  • 15
  • Set your security rules `{ "rules": { ".read": "auth !== null" } }` and only authenticated users can read data from your database. Note that there is an entire [guide dedicated to learning how to secure your data](https://www.firebase.com/docs/security/guide/). Read it, see how it applies to your rules for "only xyz can ready my data". – Frank van Puffelen Apr 12 '16 at 04:03
  • @FrankvanPuffelen I understand your answer and we already applied this rules. But people still can use a simple JS client to read my database. – yeuem1vannam Apr 12 '16 at 04:09
  • 1
    Yeah, so if that is a concern for you, you'll need to make a list of the conditions under which you want your data to be accessible and translate that into security rules. But keep in mind that "only from my app" is simply not a thing with a public, cloud-hosted database. – Frank van Puffelen Apr 12 '16 at 04:14
  • I am also facing the same issue and we need to complaint to firebase developer to add a solution like add whitelist domain for the public database – Midhilaj Apr 16 '18 at 07:52

0 Answers0