0
{
  "rules": {
    
    ".read": "true",  
      ".write": "true",
  }
}

Even after updating my rules with this, still I'm receiving warnings that I should update my firebase realtime database and also, I have also received that if I have modified rules in last 24 hours, those changes are not accounted for, what do I do now?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
prateek choudavarpu
  • 23
  • 4

1 Answers1

1

The rules in your question allow anyone in the world to read and write whatever they want in your database. If they know the URL of your database, they can steal and/or wipe all of your data with a single call.

That's what the Firebase email is warning you about. I highly recommend studying it carefully, and then following up with:

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
  • So if I Edit my rules more securely, then firebase wont send me any warnings? – prateek choudavarpu Feb 25 '21 at 10:12
  • //'code' { "rules": { "user":{ ".read": "true", ".write": "root.child('admin').hasChild(auth.uid)", } } } this is how I have updated the rules. Is it ok now sir? @Fank van Puffelen – prateek choudavarpu Feb 25 '21 at 10:54
  • 1
    Yes, if you write more secure rules you shoud stop getting that warning and that rule should be enough if you need public read access to your DB. – Ralemos Feb 25 '21 at 13:29