How to safely allow user to delete responses from Firebase-queue?

Question

I'm using Firebase with Angular2 and Firebase-queue as a batch server.

Clients send tasks to the server and sometime they are waiting for a response.

Client can read the response using the request id. But then, what happens to the response ? I guess only the client can delete it but I don't really like to give .write to the client.

So I'm trying to figure out a way to secure this .write access.

Question: Is It possible to give .read and .write access only to the user that own the request key?

The response itself and even the /responses node would not be readable for the others.

I'm trying to avoid people(evil) deleting responses before the user can read it.

score 0 · Answer 1 · edited May 23 '17 at 12:24

0

Frank van Puffelen answered the response here.

If I only want auth user to able to use it, I should use the following rules right?

"responses": {
  ".read": "false",
  ".write": "false",
  "$responses": {
    ".read": "auth != null",
    ".write": "auth != null",
  }
}

edited May 23 '17 at 12:24

Community

1
1

answered Nov 20 '16 at 14:22

Tom

785
10
26

How to safely allow user to delete responses from Firebase-queue?

1 Answers1

Linked