How to manage Firebase RealtimeDate base Security Rule for Production App

Question

I am new in Development. I have a very basic Question but I tried to find it on google and did not understand. My question is that.

In firebase Google said that the meaning of:

{
   
 “rules”: {

    “.read”: true,
    “.write”: true
 }

}

is that anyone can interrupt in this type of security rules, even a person who doesn't use your app. I got it. Now, If I want to make a chat app or a small social app then what kind of security rule should I use?

Is this rule is enough to make my app secure? that I post below:

{
  
 "rules": {

    ".read": "auth != null",
    ".write": "auth != null",
}

My app Goal is to authenticate a user through Firebase Authentication before using my app, My app will have chat option and simple Question posting option. Hope I clear it up. IDE is Android Studio with Flutter, Dart as language.

Answer 1

To make your data secure, your rules should allow exactly what your code uses and nothing more. It is unlikely that your code read the entire database for every signed in user, so you can probably change these rules to restrict access more without losing any functionality in your app.

Writing security rules is a pretty big topic though, and we've already covered part of it quite a few times here, so I recommend checking out the answers to:

• Firebase email saying my realtime database has insecure rules
• Firebase Your Realtime Database has insecure rules
• Prevent user from finding users that have blocked them Firebase
• Firebase Realtime Database - Rules with anonymous authentication