How to secure firebase using roles, when making connections directly from client

Asked Jul 06 '20 at 20:03

Active Jul 06 '20 at 20:49

Viewed 30 times

We get this warning:

[Firebase] Your Realtime Database has insecure rules

    We've detected the following issue(s) with your security rules:
any logged-in user can read your entire database
any logged-in user can write to your entire database
Without strong security rules, anyone who has the address of your 
database can read / write to it, leaving your data vulnerable to attackers
stealing, modifying, or deleting data as well as creating costly operations.

we could give different users different roles, but since the connection is made directly through our client app, what's stopping anyone from changing their role/token etc? How can it ultimately be made more secure?

edited Jul 06 '20 at 20:49

Frank van Puffelen

565,676
79
828
807

asked Jul 06 '20 at 20:03

1

note relevant security procedures? https://firebase.google.com/docs/firestore/security/insecure-rules – Jul 06 '20 at 20:03
1

also see: https://stackoverflow.com/questions/36878040/how-do-i-set-up-roles-in-firebase-auth/46457309#46457309 – Jul 06 '20 at 20:04

How to secure firebase using roles, when making connections directly from client

0 Answers0