Firebase Rules - Just my website Read and write data

Asked

Viewed 13 times

0

I have a simple, public form that I created for a staff to register information. No authentication.

Currently my Realtime database has the rules in Default:

{
  "rules": {
    ".read": false,
    ".write": false
  }
}

How do I write a rule that only my form reads and writes in this data collection? Thus, data can be manipulated publicly by having access to authentication information.

Thank you.

1 answer

0

If you do not have any type of authentication there is no way to ensure by (via the access rules of rtdb) access by any external client. There are some ways you can work around that I have in mind. you can create a Function cloud that duplicates what is written to a safe place on rtdb that only you have access to. so you don’t have to worry about third-party manipulation. you can also try to do is to create an extra layer of protection is all access to your site create an anonymous user automatically and protect with your rules with. write or . read": "auth != null. but still someone can login outside the environment of your site since it is an anonymous login. but can already resolve. finally to have 100% security Voce needs authentication

Browser other questions tagged

You are not signed in. Login or sign up in order to post.