Questions tagged [firebase-security]

The Firebase Security API combines an authentication system with an expression-based rules language to provide a flexible security model.

Security Rules determine who has read and write access to the data in your Firebase Database, Cloud Storage for Firebase, and Cloud Firestore. These rules live on the Firebase servers and are enforced automatically at all times. Every read and write request will only be completed if your rules allow it.

For the Firebase Database and Cloud Firestore, the rules also validate how your data is structured, and what indexes exist. For Cloud Storage, the rules can also be used for data validation, including validating file name and path as well as file metadata properties such as content type and size. For Cloud

To learn more about Firebase's Security API, see:


5411 questions
14 votes, 2 answers

Firestore security rules for public and private fields

As for security rules of Firebase Realtime Database, both public and private data can exist in the same tree using such as the following rule. However, when using Firestore, it doesn't seem to enable us to do the same because the chunk of data we…
miz-k
14 votes, 3 answers

Firebase security rules: restrict write only to this uid, except for a couple of fields

In Firebase I have a users "node", which looks like: users: { someUid: { username: 'someUsername' activeConversations: {}, profile_picture: '' ... lots of other children }, ... }, anotherNode: { }, ... hundreds of other…
14 votes, 1 answer

How to write a rule to prevent any deletion of node from database

I am trying to write rules to secure database. But I am confused on writing a rule which will prevent from deleting any node from database. I have read regarding newData.exists but when I tried running it in simulator deletion succeeded! As a…
MrAlpha_SU
14 votes, 1 answer

Is it safe to use Firebase UID as QR code tag?

If I used the Firebase user UID as a QR code tag, is this a wise way? What are the consequences if the UID is known by public? Will this give any chance for a hacker to modify the user privacy data?
Jason Hoch
14 votes, 5 answers

How to find out if an email is already registered with Firebase Simple Login?

I am using firebase (with Angularfire) for an html5 phone app. The user inputs only their email in the start screen, and then, depending on whether that email is already registered or not, the user is redirected to the login or registration page,…
Jarnal
14 votes, 1 answer

What is Firebase's cross-domain policy?

How does Firebase handle cross origin issues, and what are the underlying security concerns and how are they handled?
14 votes, 1 answer

Firebase security rule gives permission denied?

I'm struggling to set the proper security rules for my application. An overview of the application I'm writing is that users can register themselves using email and password (I'm using Firebase Simple Login for this which works perfectly). Once…
codef0rmer
13 votes, 1 answer

Firebase Realtime database rules "Unknown variable 'request'."

Does anyone know why I can't use this snippet from here https://firebase.google.com/docs/rules/basics#realtime-database_2
sanevys
13 votes, 3 answers

Flutter Firestore Authentication

I have a Flutter project that's using the cloud_firestore plugin for data access. Once a user authenticates to the application, what do I need to do to set that as the authentication used by the Firestore client? For example, I just have these basic…
cloudwalker
13 votes, 2 answers

Firestore security rules - can I query for a document with specific fields?

Can you make security rules that run a query to check if a matching document is found? I'm building a system where a logged in user can vote on specific topics. Every single vote will be saved in its own document, with a reference to the user, the…
Esben von Buchwald
13 votes, 3 answers

Locking down Firebase DB access to specific apps

I think from searching the web this is not technically possible but I want to ask again in case I'm missing something. I have an app that uses Firebase. Reading and writing is locked down through security rules for authorised users only but there's…
13 votes, 3 answers

Firestore security rules for `list` request

In the Firestore security rules, is it possible to check certain document fields when using a list query? Using Angular, I want to retrieve a single document from the userprofiles collection using its username property as follows: let userprofile =…
Ben
13 votes, 2 answers

Firestore security rule get() not working

In firestore I want a user to only access a document if the user is in the teamid mentioned in the document. Now I have a different collection called teams where I have users mapped as { user_id = true }. So I have the following in the Firestore…
Anubhav
13 votes, 3 answers

Authentication for firebase hosting

I have a static app hosted on Firebase hosting whose backend is also on Firebase (communicating using firebase JS api). I want to add a simple auth page to all pages of this website so that only users I want can access this site. Is this…
13 votes, 4 answers

How safe is auth !== null? Firebase

I've been using Firebase for quite some time, but I only now decided to really look into the security rules. My question is, how safe is "auth !== null"? Yes, I realize that this means that only an authenticated user can access the data, but how…