
I keep getting a message from Google Firebase about the security settings. I’m not sure how I can fix this.

My security rules are as follows:

```
{
  "rules": {
    ".read": "true",
    ".write": "auth != null"
  }
}
```

We've detected the following issue(s) with your security rules:

  • any user can read your entire database
  • any logged-in user can write to your entire database

steph
  • Here are some relevant questions that have a wealth of information on the topic: [How to silence security warnings & how users can attack your database](https://stackoverflow.com/a/69519435/3068190), [applying basic security rules](https://stackoverflow.com/a/69510132/3068190), and [how to tighten your security rules](https://stackoverflow.com/a/68411885/3068190) – samthecodingman Oct 31 '21 at 09:33

1 Answer


Setting read to true allows anyone with your projectID to view your data. To get rid of the warning, you should restrict read and write access to authorized users only by checking the uid or another user property. Here are the authentication properties you can use to verify the user https://firebase.google.com/docs/rules/rules-and-auth, and here's an example of allowing only authorized users https://firebase.google.com/docs/rules/insecure-rules#access_for_any_authenticated_user.

Tyler Liu
  • Thanks for responding. I changed it to `auth.id!= null`. Is that safe? – steph Oct 31 '21 at 03:47
  • No, because any logged-in user will have access to your data. You should use the authentication properties to check that the user is someone you trust. For example, `auth.token.email === 'trustedperson@email.com'`. The links I sent contain examples of what is safe and unsafe. – Tyler Liu Oct 31 '21 at 04:05
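
The two warnings quoted in the question can be checked for mechanically before rules are deployed. The following Python script is an added example, not code from the posts above or from Firebase's own tooling; the `users/$uid` layout in `HARDENED_RULES` is an assumed data structure, and the audit only recognises the exact expressions listed in `OPEN` and `ANY_AUTH`.

```python
import json

# Constructed sample: the root-level rules from the question.
WEAK_RULES = '{"rules": {".read": "true", ".write": "auth != null"}}'

# Assumed layout (hypothetical "users/$uid" path): each signed-in user can
# read and write only the subtree keyed by their own uid.
HARDENED_RULES = '''{"rules": {"users": {"$uid": {
    ".read": "auth != null && auth.uid === $uid",
    ".write": "auth != null && auth.uid === $uid"}}}}'''

# Expressions that grant access to everyone, or to every signed-in account.
OPEN = {"true"}
ANY_AUTH = {"auth!=null", "auth!==null", "auth.uid!=null", "auth.uid!==null"}


def normalize(expr):
    """Rules may be JSON booleans or strings; compare without whitespace."""
    if isinstance(expr, bool):
        return "true" if expr else "false"
    return "".join(str(expr).split()).lower()


def audit(rules_json):
    """Return (path, rule, problem) for every over-permissive rule found."""
    findings = []

    def walk(node, path):
        for key, value in node.items():
            if isinstance(value, dict):
                walk(value, path + "/" + key)  # descend into child paths
            elif key in (".read", ".write"):
                expr = normalize(value)
                if expr in OPEN:
                    findings.append((path or "/", key, "open to any user"))
                elif expr in ANY_AUTH:
                    findings.append(
                        (path or "/", key, "open to any logged-in user"))

    walk(json.loads(rules_json)["rules"], "")
    return findings


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(rules))
```
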