2

I'm using Python on my PC to update the Realtime Database, and that Python script should be the only thing that has access to the Realtime Database, for writing at the very least.

Is there a unique 'token' for the database that I can add to the script that can give it access, and then have the rules only allow access to users with that 'token'.

My thought was to add it here, in the Firebase configuration in Python.

firebaseConfig={
"apiKey": "XXX",
"authDomain": "XXX",
"databaseURL": "XXX",
"projectId": "XXX",
"storageBucket": "XXX",
"messagingSenderId": "XXX",
"appId": "XXX",
"measurementId": "XXX"

*"Unique Token Identifier": "123.."
}

firebase = pyrebase.initialize_app(firebaseConfig)
BellyPoppin
  • 23
  • 3

2 Answers2

2

You can add a database rule which allows your user account only (i.e. your UID to write data).

{
  "rules": {
    ".read": true,
    ".write": "auth.uid === 'your_uid'"
  }
}

These rules will allow anyone to read the data but only you to write. Make sure you change the rules as per your needs so users can only read the data that they are supposed to.

If you are not using Firebase Authentication then an alternative would be to change ".write" to false so no one can write to database and use Firebase Admin SDK which bypasses any security rules to write to database. Admin SDK uses service accounts instead of the public Firebase Config so write a separate script to write to database using Admin SDK and use it on your computer.

Dharmaraj
  • 47,845
  • 8
  • 52
  • 84
  • Pyrebase/Python Script doesn't have a UID. So you're saying the only way is to implement Firebase Authentication? – BellyPoppin Aug 25 '21 at 13:23
  • @BellyPoppin it'll be easiest to use Firebase Auth. You can just create an account for yourself. Else the other way would be to use Admin SDK locally. – Dharmaraj Aug 25 '21 at 13:26
  • I've looked over your edit and yes, I think that would be a better option to use the Admin SDK. Thank you. – BellyPoppin Aug 25 '21 at 13:32
1

If you only run the Python script in a trusted environment, such as your own machine, I recommend adding service account credentials to the setup.

With a service account your script runs as an administrative process that bypasses the security rules, so you can use these rules to ensure that only your script can access the database:

{
  "rules": {
    ".read": false,
    ".write": false
  }
}
Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807