What should I do if a Firebase security rule letter arrives?

Question

Reached mail what needs to be made?

rules:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // This rule allows anyone on the internet to view, edit, and delete
    // all data in your Firestore database. It is useful for getting
    // started, but it is configured to expire after 30 days because it
    // leaves your app open to attackers. At that time, all client
    // requests to your Firestore database will be denied.
    //
    // Make sure to write security rules for your app before that time, or else
    // your app will lose access to your Firestore database
    match /{document=**} {
      allow read, write: if request.time < timestamp.date(2020, 2, 15);
    }
  }
}

Is it worth the worry? Will this break the application if nothing is done?

score 1 · Answer 1 · answered Feb 10 '20 at 21:31

Your security rules are set to reject all access to your database on the date specified in the rules:

timestamp.date(2020, 2, 15)

Which is February 15, 2020. This will probably make your app stop working.

You can bump the date back if you want, but you should definitely implement proper rules so that your database isn't readable and writable by anyone with an internet connection.

What should I do if a Firebase security rule letter arrives?

1 Answers1

Related