Quick question: I am creating a blogging site with Firebase and it wants me to set up safe rules every time. As long as people cannot get info from database, because they cannot call get() and set() functions from debug console, why do I need rules? Can they get my credentials and use it in another app and how can I prevent it with rules? Thanks by now!

My Current Rules:

```json
{
  "rules": {
    ".write": true,
    ".read": true
  }
}
```
  • Welcome to Stack Overflow, can you please provide more details on what you mean by "module function" and more details along with any related code? If you are referring to altering client side code, then check out linked answer for more information. What are your current rules that are marked as insecure? – Dharmaraj Feb 06 '23 at 13:48
  • To answer the updated question, REST API can be used to access Firebase resources directly without even opening your app. See linked answer for detailed explanation. – Dharmaraj Feb 06 '23 at 15:15
  • "As long as people cannot get info from database, because they cannot call get() and set() functions from debug console" That is precisely what they **can** do with Firebase: they can take your configuration data, and call the API themselves with it. See https://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public/37484053#37484053 – Frank van Puffelen Feb 06 '23 at 15:17

0 Answers
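An added example, not part of the original thread or of Firebase's own tooling: a small audit of Realtime Database rules that reports every unconditional `.read`/`.write` grant and any deeper rule that cannot take that access back, because these grants cascade to child paths. It is run on the rules from the question and on a constructed alternative; the `/posts` path and `authorId` field are assumed names for a blog.

```python
import json

# The rules posted in the question (world-readable and world-writable).
QUESTION_RULES = json.loads('{"rules": {".write": true, ".read": true}}')

# Constructed alternative for a blog; /posts and authorId are assumed names.
HARDENED_RULES = {"rules": {"posts": {
    ".read": True,  # published posts are meant to be public
    "$postId": {
        ".write": "auth != null && (!data.exists() || "
                  "data.child('authorId').val() === auth.uid)",
        ".validate": "newData.child('authorId').val() === auth.uid",
    },
}}}

def is_open(expr):
    """A rule is unconditional if it is boolean true or the string 'true'."""
    return expr is True or (isinstance(expr, str) and expr.strip() == "true")

def audit(rules):
    """Return (open_grants, shadowed) for a Realtime Database rules document.

    open_grants: (path, op) pairs that need no authentication at all.
    shadowed:    (path, op) rules below an open grant; .read/.write cascade
                 downward, so these cannot take the access back.
    """
    open_grants, shadowed = [], []

    def walk(node, path, inherited):
        here = set(inherited)
        for op in (".read", ".write"):
            if op not in node:
                continue
            if op in inherited:
                shadowed.append((path or "/", op))
            elif is_open(node[op]):
                open_grants.append((path or "/", op))
                here.add(op)
        for key, child in node.items():
            if isinstance(child, dict):
                walk(child, f"{path}/{key}", here)

    walk(rules.get("rules", {}), "", frozenset())
    return open_grants, shadowed

if __name__ == "__main__":
    for name, doc in (("question", QUESTION_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(doc))
```

In the constructed ruleset the only open grant left is the intentional public read on `/posts`; writes require a signed-in user who owns the post.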