0

I am using the firebase real-time database for my android app, I had written the secured rules in a real-time database but it's still showing me this warning.

here are my security rules.

{
  "rules": {
   ".read": "auth.uid !=null",
    ".write":"auth.uid !=null"
   //This is my rules in firebase Real-time database 
  }
}

here is that warning pop up to me

We've detected the following issue(s) with your security rules: any logged-in user can read your entire database any logged-in user can write to your entire database

Rathod Ruturaj sinh
  • 21
  • 7
  • Welcome to SO. Please don’t include links in questions. Include code and errors as text and Firestore structures as a screenshot embedded in the question. Over time, links can break and if they do, future readers wont have access to that info which could invalidate the question. Take a look at [No Images Please](https://meta.stackoverflow.com/questions/285551/why-not-upload-images-of-code-errors-when-asking-a-question) – Jay Nov 06 '21 at 14:08
  • I also recommend checking out https://stackoverflow.com/questions/69612460/firebase-realtime-database-insecure-rules/69617781#69617781 and https://stackoverflow.com/questions/69336771/google-keeps-warning-insecure-rules/69339984#69339984 – Frank van Puffelen Nov 06 '21 at 14:22
  • Looks like you have an accepted answer but I again ask that you do not include links in questions. If the link breaks (which they do) then future readers will not understand the question and it becomes useless. – Jay Nov 07 '21 at 13:12
  • ok, dear thanks for it i will take care of it next time. – Rathod Ruturaj sinh Nov 07 '21 at 13:41

1 Answers1

1

Your security rules are right, but as the documentation says and the warning:

While we don't recommend leaving your data accessible to any user that's signed in, it might be useful to set access to any authenticated user while you're developing your app.

they are not enough, because if anyone wants your data, they can log in and take them all, which is of course big security issue.
So be more specific about what you want users to read, make them only read their data for example , or shared data .
But eventually it depends on the data you stored, if you want all uses to read them(they are not a secret) then don't give this warning another thought.

Remoo
  • 637
  • 7
  • 17
  • yes but I have many nodes to be accessed by users. I have an image node, video, and Order info, so how i can write rules however i am new to firebase rules. – Rathod Ruturaj sinh Nov 07 '21 at 12:41