0

Swift 3.0 iOS 11.x

So link my swift app to a firebase using the standard 

FirebaseApp.configure()

I log into it with a user I have created, authentication registers good and I create a database on it. All good.

I take a different device and try log in with a user who doesn't exist, authentication fails and I am unable to access the database. All good.

But wait, I create another user; and given I know the path of the database I find I have access to it. Which would seem reasonable, and yet it isn't.

Imagine I have 10 different app users, they all have their own databases; and yet as long as they are authenticating to firebase, they potentially mess each other up since everyone seem to have access to everyone else's database as long as they have authenticated. Indeed I look at this post... How to link between Authenticated users and Database in Firebase? which seems to suggest things are a little tighter, and yet evidently their not.

I'v missed something fundamental here haven't I?

user3069232
  • 8,587
  • 7
  • 46
  • 87

1 Answers1

3

This is secured through Firebase Rules. You can check out the documentation for full detailed information about the topic.

The structure you are looking for would look something like this:

{
  rules: {
    $uid: {
      ".read" = "auth.uid == $uid", 
      ".write" = "auth.uid == $uid"
    }  
  }
}

You have to be careful with this one because this does not apply to every database structure. This one would work, if you create a node for every user in the root of your database and specify the users authentication id as the key. A user could only access the data in the node with his Firebase Authentication id, although in that node all data, also every child node of it.

Check out the docs for more information. You can find your rules in the Firebase Console in the Database tab.

creativecreatorormaybenot
  • 114,516
  • 58
  • 291
  • 402