0

I’ve been thinking if this is possible with Firebase Suppose I Request Firebase Realtime Database

https://<database name>.firebaseio.com/Bucket&Code:<alphanumeric code>

So whenever I want to Access Firebase it should Only give access to read & Write if the code is there Please Note this is different from Aunthicated Firebase RT Database

If it is possible then How to make it? Thanks in Advance

I Tried using conditions but it was always giving an error on the variables

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
everything king
  • 1
  • 1
  • you can create a firebase function and check the presence of the code in there, or use request headers. In Firestore you can access request headers but i do not have much knowledge on realtime database. – mcy Jun 25 '23 at 16:20

1 Answers1

1

In cases like this, I recommend just treating the code as part of the path. So the path then becomes:

https://<database name>.firebaseio.com/Bucket_Code/<alphanumeric code>

And in your rules you ensure that you can only access the path if you know it, so that you can't read the path above it:

{
  "rules": {
    ".read": false,
    "Bucket_Code": {
      "<alphanumeric code>": {
        ".read": true
      }
    }
  }
}

Now in order to be able to access the data, you need to know the entire path - including the code. And once you know the path (including the code), you have access to the data.

This topic has been covered a few times over the years, so I recommend also checking out:

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
  • Doesn't it still make my data vulnerable to hackers – everything king Jun 26 '23 at 11:51
  • Anyone who has the full path (including the access code) can access the data. Only you can decide whether "not knowing the code" is enough of a security measure for your needs. But any other approach will have to depends on somehow knowing the user, so them signing in. --- Your original question above was "Can we limit access to a path in Firebase based on a secret code?" though, which I hope I answered above. Also see [What should I do when someone answers my question?](https://stackoverflow.com/help/someone-answers) – Frank van Puffelen Jun 26 '23 at 12:00
  • Thanks for the response. My actual objective is to keep the firebase safe from hackers or someone with the link. I want my Web App to Request/write data with a URL only and only through the app and only using URL – everything king Jun 26 '23 at 14:12
  • If you want only you own application code to write to Firebase, have a look at https://firebase.google.com/docs/app-check – Frank van Puffelen Jun 26 '23 at 16:28