I am creating a website where users can register, add their personal info in their profile section, chat with others, etc. This website is a startup idea, meaning that we will publish it and then do some marketing to get customers. I want a suggestion from a senior Firebase developer: which security rules should I define? Test mode is not secure, and if I choose production mode then users can't register because it does not allow read/write access. So what are the secure and strong rules for Firebase production mode for a real-world application which will be served to millions of users? What could be the security rules of companies who are using Firebase?

P.S: I would also like to hear some tips/tricks about security, optimization etc...

Test Mode? or Production Mode? if(Production Mode){ then('what rules') }

Frank van Puffelen

1 Answer

There is no singular answer for "good rules for my production app" just like there is no singular answer for "good code for my production app".

You will have to develop security rules that match with the code of your app. I recommend:

  1. Start in production mode, so with the database locked down for all client-side access.
  2. Implement the first use-case in your application code.
  3. Watch the code fail, because the permission is denied by your rules.
  4. Make the minimal change to your rules that allows the current code to work, but all other possible code to still fail.
  5. Repeat from step 2.

There is no shortcut for this, just like there is no shortcut for writing the code for your application.


Also see:

Frank van Puffelen
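
An added example, not part of the answer above: what the rules file could look like after two passes through that loop, assuming Cloud Firestore and two use-cases taken from the question (profile editing and chat). The collection names `users` and `chats`, and the fields `displayName`, `bio`, `members`, `sender` and `text`, are hypothetical.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Step 1: production mode. Every client read and write is denied.
    match /{document=**} {
      allow read, write: if false;
    }

    function signedIn() {
      return request.auth != null;
    }

    // Iteration 1 (hypothetical use-case: a user saves their own profile).
    // The profile-save code failed with permission-denied, so open exactly that.
    match /users/{userId} {
      allow get: if signedIn();
      allow create, update: if signedIn()
        && request.auth.uid == userId
        && request.resource.data.keys().hasOnly(['displayName', 'bio'])
        && request.resource.data.displayName is string
        && request.resource.data.displayName.size() <= 50;
      // No list and no delete: no code path needs them yet, so they stay denied.
    }

    // Iteration 2 (hypothetical use-case: members of a chat exchange messages).
    function isMember(chatId) {
      return signedIn() && request.auth.uid in
        get(/databases/$(database)/documents/chats/$(chatId)).data.members;
    }

    match /chats/{chatId}/messages/{messageId} {
      allow read: if isMember(chatId);
      allow create: if isMember(chatId)
        && request.resource.data.sender == request.auth.uid
        && request.resource.data.text is string
        && request.resource.data.text.size() <= 2000;
      // update and delete stay denied until a feature requires them.
    }
  }
}
```

Overlapping `match` blocks are combined with OR, so the deny-all block does not override the narrower grants; it only documents the starting point. Each grant checks who is asking and the shape of the data being written, which is what keeps "all other possible code" failing.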