Menu
I have a little web app that constitues of only JavaScript/JQuery files.
It's kind of anonymous link based messaging app, so there's no authentication stuff.
I'm worried that someone can easily read/write to my database.
Is there any setting/security rule with which i can allow read/write requests from my domain only? (same origin policy)
725
You don't own your data Plus, it was not possible to export our data when we had hundreds megabytes hosted. We had to contact Firebase by email. Notice: exporting data email/password data is possible by contacting Firebase Team, but not from Dashboard.
By default, your rules do not allow anyone access to your database. This is to protect your database from abuse until you have time to customize your rules or set up authentication. Describes if and when data is allowed to be read by users. Describes if and when data is allowed to be written.
These rules are hosted on Firebase servers and are applied automatically at all times and you can change the rules of your database in Firebase console. You just have to select your project, click on the Database section on the left and select the Rules tab.
How do they work? Firebase Security Rules work by matching a pattern against database paths, and then applying custom conditions to allow access to data at those paths. All Rules across Firebase products have a path-matching component and a conditional statement allowing read or write access.
I would recommend just using the basic make sure they are logged in rule
{
"rules": {
// only authenticated users can read or write to my Firebase
".read": "auth !== null",
".write": "auth !== null"
}
}
But wait, I want to stop access from other domains!
Well you can set the authorized domains from the authorization panel in the firebase console. This would only allow users to log in from your url and only your url and only logged in users can read/write.
89
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
