What is the rule of Firebase Realtime Database that shows users all its data with security [closed]

What is the rule of Firebase Realtime Database that shows users all its data with security?

{ "rules": { ".read": "auth != true", ".write": "auth != true" } }

This rule does not provide user security.



Solution 1:[1]

As explained in the doc you need to use the uid property of the auth variable in a Security Rule to identify the user.

But the exact rule depends on your data model.

The below example, copied/pasted from the documentation (cf. above link), is based on the following data model: a users node contains, for each user, a sub-node with an id equivalent to the user uid.

{
  "rules": {
    "users": {
      "$user_id": {
        // grants write access to the owner of this user account
        // whose uid must exactly match the key ($user_id)
        ".write": "$user_id === auth.uid"
      }
    }
  }
}

It's up to you to adapt it to your specific data model.


You may be interested in this answer which explains that, in certain cases, relying on the fact a user is authenticated is not sufficient. Again it depends on your specific case.
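The following is an added example, not part of the answer or the Firebase documentation: a small JavaScript model of rule evaluation that compares the question's `auth != true` rule with a per-user rule keyed on `auth.uid`. It assumes rule strings behave like JavaScript expressions for the operators used on this page; `allowed`, `evalRule`, the sample users and the `.read` line in `ownerRules` are hypothetical names and values introduced here.

```javascript
// Added illustration, not Firebase's engine. Assumption: rule strings are evaluated
// as JavaScript with `auth` and the $wildcard variables in scope.
const openRules = { rules: { ".read": "auth != true", ".write": "auth != true" } };
const ownerRules = { rules: { users: { $user_id: {
  ".read": "$user_id === auth.uid", // assumed: mirrors the documented .write rule
  ".write": "$user_id === auth.uid",
} } } };

// Evaluate one rule string. Only the constant rule strings above are ever passed in.
function evalRule(expr, auth, vars) {
  try {
    const fn = new Function("auth", ...Object.keys(vars), `return (${expr});`);
    return Boolean(fn(auth, ...Object.values(vars)));
  } catch (err) {
    return false; // e.g. auth is null and the rule reads auth.uid: deny
  }
}

// Walk from the root towards `path`. The first rule that evaluates to true grants
// access, and nothing deeper can revoke it (rules cascade downwards).
function allowed(ruleset, op, path, auth) {
  let node = ruleset.rules;
  const vars = {};
  const segments = path.split("/").filter(Boolean);
  for (let i = 0; i <= segments.length; i++) {
    if (typeof node[op] === "string" && evalRule(node[op], auth, vars)) return true;
    if (i === segments.length) break;
    const seg = segments[i];
    if (Object.prototype.hasOwnProperty.call(node, seg)) {
      node = node[seg];
    } else {
      const wild = Object.keys(node).find((k) => k.startsWith("$"));
      if (wild === undefined) return false; // no rule covers this path: deny
      vars[wild] = seg;
      node = node[wild];
    }
  }
  return false;
}

const alice = { uid: "alice" }; // constructed sample users
const bob = { uid: "bob" };
console.log("open rules, signed out:", allowed(openRules, ".read", "users/alice", null));
console.log("owner rules, other user:", allowed(ownerRules, ".read", "users/alice", bob));
```

`auth` is either `null` or an object, never the boolean `true`, so `auth != true` holds for every request and the root-level grant cascades to the whole database.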

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1