Firebase rules & security

Question

I have a database like this:

The first key is the userId, has to be connected, and the next keys only him can read and write. How I can manage the rules to be safe and no one can't see the key of each other ? I begin with that but I don't think is enough

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

So your top node, `UWgfq...` in this case, is the user ID? – André Kool Apr 11 '18 at 14:36 — André Kool, Apr 11 '18 at 14:36

score 1 · Accepted Answer · answered Apr 11 '18 at 14:43

Because you are using the user ID as a key you can use it in your rules to make sure users can only read/write to their own nodes like this:

{
  "rules": {
      "$user_id": {
        ".write": "$user_id === auth.uid",
        ".read": "$user_id === auth.uid"
      }
  }
}

For more information you can take a look at the firebase docs about User Based Security and Securing Data. For a more extencive answer about linking users to their data you can take a look at my answer here.

Firebase rules & security

1 Answers1