Stack Overflow
Stack Overflow

Questions tagged [firebase-security]

The Firebase Security API uses a flexible authentication system and an expression-based rules language to provide a very flexible security model.

Security Rules determine who has read and write access to the data in your Firebase Database, Cloud Storage for Firebase, and Cloud Firestore. These rules live on the Firebase servers and are enforced automatically at all times. Every read and write request will only be completed if your rules allow it.

For the Firebase Database and Cloud Firestore, the rules also validate how your data is structured, and what indexes exist. For Cloud Storage, the rules can also be used for data validation, including validating file name and path as well as file metadata properties such as content type and size. For Cloud

To learn more about Firebase's Security API, see:

Related tags

5411 questions
217
votes
9 answers

How to protect firebase Cloud Function HTTP endpoint to allow only Firebase authenticated users?

With the new firebase cloud function I've decided to move some of my HTTP endpoint to firebase. Everything works great... But i have the following issue. I have two endpoints build by HTTP Triggers (Cloud Functions) An API endpoint to create users…
spaceMonkey
  • 4,475
  • 4
  • 26
  • 34
155
votes
10 answers

Firebase Permission Denied

I'm relatively new to coding and am having trouble. I have this code to send data to firebase app.userid = app.user.uid var userRef = app.dataInfo.child(app.users); var useridRef = userRef.child(app.userid); useridRef.set({ locations: "", …
Robert Prine
  • 2,633
  • 5
  • 14
  • 17
78
votes
6 answers

How to export security and index rules from Firestore?

I've set up multiple different indexes on my Firestore development database. Now, I would like to export them into the firestore.indexes.json so that the process of setting up prod environment would be easier. Is there a way to export those indexes…
uksz
  • 18,239
  • 30
  • 94
  • 161
69
votes
1 answer

How do I implement a write rate limit in Cloud Firestore security rules?

I have an app that uses the Firebase SDK to directly talk to Cloud Firestore from within the application. My code makes sure to only write data at reasonable intervals. But a malicious user might take the configuration data from my app, and use it…
Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
56
votes
4 answers

How can I login with multiple social services with Firebase?

I want users to be able to authenticate to my Firebase application using multiple different auth providers, such as Facebook, Twitter, or Github. Once authenticated, I want users to have access to the same account no matter which auth method they…
Andrew Lee
  • 10,127
  • 3
  • 46
  • 40
55
votes
2 answers

How do I prevent un-authorized access to my Firebase Realtime Database?

How do I prevent other users from accessing my Realtime Database via my Firebase URL? What must I do to secure it to only my domain?
Serhat Koroglu
  • 1,263
  • 4
  • 19
  • 41
47
votes
4 answers

Firebase rate limiting in security rules?

I launched my first open repository project, EphChat, and people promptly started flooding it with requests. Does Firebase have a way to rate limit requests in the security rules? I assume there's a way to do it using the time of the request and…
Brian Mayer
  • 989
  • 3
  • 13
  • 23
45
votes
3 answers

how do I implement role based access control in firebase

This is my first foray into Firebase & nosql, I come from a SQL background. Using Simple Login Security Email/Password, how do I limit access to data in Firebase? For example, some user will have access to create a business object (users,…
acole76
  • 533
  • 1
  • 5
  • 8
44
votes
1 answer

"error": "Index not defined, add ".indexOn"

I have created a database in Firebase which looks like: Now I go into a REST client and issue this query: https://movielens3.firebaseio.com/movieLens/users.json?orderBy="age"&startAt=25&print=pretty It gives me an error: "error": "Index not…
Knows Not Much
  • 30,395
  • 60
  • 197
  • 373
43
votes
4 answers

How do I deploy Firebase Database Security rules using the command line?

In older versions of Firebase, we could add a rules section to our firebase.json file, and upload new security rules on every deploy. How do we use the firebase-tools v3 command-line tools to deploy database security rules? This page says that it's…
Seth Ladd
  • 112,095
  • 66
  • 196
  • 279
42
votes
3 answers

Firebase email saying my realtime database has insecure rules

I recently received an email from firebase telling me that my realtime database has insecure rules. These are the rules that I have set: { "rules": { ".read": "auth != null", ".write": "auth != null" } } Is this not a secure…
F0r3v3r-A-N00b
  • 2,903
  • 4
  • 26
  • 36
40
votes
3 answers

Can Firebase Cloud Storage rules validate against Firestore data?

Can we use Firestore data to grant or restrict access to files hosted on Firebase Cloud Storage? Exemple of what I would like to use as Firebase Security Rule allow write: if…
Remi
  • 693
  • 8
  • 17
39
votes
3 answers

Cloud Firestore Security Rules allow write only from Firebase function

I'd really like to be able to secure my firestore db by allowing only firebase functions to write to the specific collection... how would I go about doing that? Looking at there documentation I do not find anything that might state how you could do…
realroo
  • 423
  • 6
  • 9
39
votes
2 answers

Is it necessary to encrypt chat messages before storing it into firebase?

As far as I know, Firebase sends data over an HTTPS connection, so that the data is already being encrypted. Although Firebase provides security rules to protect my data structure, I can still be able to see the string messages in the database. I'm…
JeffMinsungKim
  • 1,940
  • 7
  • 27
  • 50
39
votes
4 answers

Missing or insufficient permissions when writing to Firestore using field in access rules

I am getting an error when attempting to write to Firestore. I am attempting to use a field containing the user uid for my security rule. service cloud.firestore { match /databases/{database}/documents { match /messages/{document=**} { …
Leo Farmer
  • 7,730
  • 5
  • 31
  • 47
1
2 3
99 100