Menu
I have a very simple Firebase app that is being read and written to via JavaScript all on the client-side. There are no user accounts or server-side applications on my end.
Right now, anyone looking at my JavaScript can copy my Firebase URL and have full read/write access permissions.
Is there any easy way for me to secure this somehow considering I'm doing everything on the client side?
I'm having trouble understanding their documentation and how I can solve this use case.
514
Data access is managed through Firebase's security rules language, that you can find in the Security & Rules tab of your Firebase dashboard.
When you create a new Firebase backend for an app, it defaults to allowing full read/write to everyone.
{
"rules": {
".read": true,
".write": true
}
}
The simplest possible change is to allow everyone to read, but no-one to write:
{
"rules": {
".read": true,
".write": false
}
}
This way you can only make changes to the data when you're an administrator, i.e. when you're using the Firebase dashboard.
The Firebase documentation has an entire section dedicated to securing your data.
133
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
