0

Expected behavior

With the recommended firebase queue security rules, see https://github.com/firebase/firebase-queue/blob/master/docs/guide.md#queue-security, a set operation should not overwrite existing tasks in the queue.

Actual behavior

Existing tasks in the queue > tasks can be overwritten with 

//This overwrite the user_reminder_queue > tasks > data (This behaviour is undesirable)

//this overwrite all my data in my tasks node. I want to prevent malicious hackers from performing this overwrite. How do I prevent is through the recommended security rules
queueRef.child('tasks').set({
    'taskIdabc': {
        'message': 'happy 22: )',
        'pushKey': '-Xsdf24rasdfsdfG',
        'reminder_date': '12-12-2017',
        'hello': 'world'
    }
});

More details, check out the issue on github: https://github.com/firebase/firebase-queue/issues/109

slvn dev
  • 55
  • 2
  • 4
  • Given that you already reported the issue on Github, what's your question for us here? – Frank van Puffelen Feb 07 '17 at 04:13
  • Just wanted to share this here so that others who are implementing firebase queue can reference this in the future. If any expert here have an answer that will be great! If it is inappropriate I can close this. ;) – slvn dev Feb 07 '17 at 04:40
  • Is this a security bug that all firebase queue users should be concerned? – Jek Feb 07 '17 at 04:40
  • I'm voting to close this question as off-topic because it seems a pure duplicate of an issue reported on Github and not a question. – Frank van Puffelen Feb 07 '17 at 14:59

0 Answers0