Menu
How do I prevent other users from accessing my Realtime Database via my Firebase URL? What must I do to secure it to only my domain?
448
The answer is anyone. Firebase doesn't require an SQL user or anything, just connect. Use firebase security rules, validation rules, and functions, to guarantee data consistency.
To use the Firebase Storage we need to authenticate a user via Firebase authentication. The default security rules require users to be authenticated.
Short Answer : Yes, But it will be hard than a website.
First of all, understand that you cannot secure any URL on the internet according to the origin domain--malicious users can simply lie. Securing the origin domains is only useful in preventing cross-site spoofing attacks (where a malicious source pretends to be your site and dupes your users into logging in on their behalf).
The good news is that users are already prevented from authenticating from unauthorized domains from the start. You can set your authorized domains in Forge:
Now to secure your data, you will go to the security tab and add security rules. A good starting point is as follows:
{ "rules": { // only authenticated users can read or write to my Firebase ".read": "auth !== null", ".write": "auth !== null" } } Security rules are a big topic. You will want to get up to speed by reading the overview and watching this video
171
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
