Introduction to Firebase Security Rules - Firecasts

In this episode of #Firecasts: Developer Advocate for Firebase, @CodingDoug presents an introduction to Firebase security rules. Learn about how to get started with security rules in order to protect the data in your project.

Comments

Very informative, clear and to the point.
Thanks guys

Greetings from Tanzania 🇹🇿

raymondmichael

Is Cloud Firestore a good selection for a bank account? Can it be safe and reliable to save people's money which is a number to the Cloud Firestore? My concern is reliability and security. Any suggestions?

belqisshida

Please start the series ASAP and thanks a lot, really helpful 🙂

vivekbaranwal

I'm so glad you're going to be doing a series on this, after all the tough times I have had over the years with Firebase security. I could request you to make 1 thing easier by way of example. I see loads of developers getting stuck at using the simulator to simulate a token with Custom Claims. I mean an example of the JSON that needs to be put in that simulator's textbox, that acts as the token carrying the Custom Claims. And I have 1 question: How do we understand the charges for Rules? I mean we have an idea about Database Read/Writes, but Rules? Is it cheaper than using a CloudFunction to validate or restrict data?

yoapps

Been a year and we still can't write security rules for cloud storage based on the data in Firestore

anudeepananth

Hi friends, how do you secure data as follows. I have notes
product: {
  data1: {
    idMaker: 123abc,
    ....
  },
  data2: {
    idMaker: 123abc,
    ..
  },
  ...
}
What I want: all users can set() provided it has child: "name", and only users whose idUser is the same as idMaker can delete. Please answer.

HadiPrayitnoSPdI

Okay, so why don't the basic security rule examples Google provided meet the criteria? I set my database to be readable by anyone, but allow everything else by only authorized users. Yet, I keep getting those warning letters.

darkarchon

A nice video as always @CodingDoug, we missed you dude... Please could you make us a real-world app with Vue.js <3 to show us what the best practices are...

BaRzOmk

I have an application for mobile where the client can register and log in ... I want Firebase data only readable and writable for me, no others .. so that I can handle all clients in database .. because I'm the owner of my app.. What rules should I set? Please send me the example ..

sgouri

What if my rules are published publicly? Will my app become unsafe? Help please.

shuvrodas

Hi brother can u help me pls. I have these security rules for an ecommerce site but why is it that the products are not showing unless I do allow access to the shallowest match path. This line below, knowing if I allow read access to this line then everyone can read all my documents even those I want to set private.
match /{document=**} {
  allow read: if false;
  // I have to set this to true before all products for selling by all users are displayed then I cannot do selective security if I do set it to true since everything is allowed to be read

rules_version = '2';
service cloud.firestore {
  match {
    match /{document=**} {
      allow read, create, update, delete: if false;

      match /users/{uid}{
        allow read;
        allow update: if request.auth.uid == uid;

        match /users/{uid}/products {
          allow read;
          allow create: if request.auth.uid != null;

          match
            allow read;
            allow create: if request.auth.uid != null;
            allow delete, update: if request.auth.uid == uid;

          }
        }
      }
    }
  }
}

mataal

I just wanted to check if you could only allow access to firestore from my app domain using security rules, you say rules do not control that. Thanks. Shame though.

khalidsafir

Sir, if the APK is reverse engineered, is it possible to get the google-services.json file?

AngurMia

Do you have an example that really works?

ongcz

Look at the view count then look at the number of people leaving comments. What does that tell you?

davidconnelly

Everything is good about Firebase except these rules, hate them.

ankit

Great! Could you please elaborate more on how to use anonymous UID?

How should the user's UID look when he has just started and is in anonymous state? Which ID to use to upload his data to the Real-time DB?

kirill

Pro tip: There are cases where the Firestore simulator fails but the client SDKs work.

cryptonative