Menu
I am getting a warning email from Firebase Firestore every day saying that:
"any user can read your entire database"
But in my case it's an open database where everyone can read the data. I have set up my security rules like so:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read: if true;
allow write: if request.auth.uid == 'xxxxx';
}
}
}
What is the problem and how do I stop this warning email?
456
To set up and deploy your first set of rules, open the Rules tab in the Cloud Firestore section of the Firebase console. Write your rules in the online editor, then click Publish.
Remove indexesGo to the Cloud Firestore section of the Firebase console. Click the Indexes tab. Hover over the index you want to delete and select Delete from the context menu. Confirm that you want to delete it by clicking Delete from the alert.
Solution: Rules that restrict read and write access. Build rules that make sense for your data hierarchy. One of the common solutions to this insecurity is user-based security with Firebase Authentication. Learn more about authenticating users with rules.
The Admin SDK bypasses Firebase Security Rules and should only be used from a trusted environment like Firebase Functions or a server you control. The Admin SDK doesn't send a request unless the app has passed Attestation, and should not be used for testing.
You can turn these emails off from the Alerts settings in the Firebase console
To configure alerts, do the following:
Click 🛎 Firebase alerts in the upper-right corner of the Firebase console.
Choose the project that you want to receive email alerts about.
Check relevant boxes to choose whether you'd like alerts in the Firebase Console, over email, or both.
Also see: Configure Email Alerts
108
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
