Stack Overflow
Stack Overflow

Questions tagged [firebase-security]

The Firebase Security API uses a flexible authentication system and an expression-based rules language to provide a very flexible security model.

Security Rules determine who has read and write access to the data in your Firebase Database, Cloud Storage for Firebase, and Cloud Firestore. These rules live on the Firebase servers and are enforced automatically at all times. Every read and write request will only be completed if your rules allow it.

For the Firebase Database and Cloud Firestore, the rules also validate how your data is structured, and what indexes exist. For Cloud Storage, the rules can also be used for data validation, including validating file name and path as well as file metadata properties such as content type and size. For Cloud

To learn more about Firebase's Security API, see:

Related tags

5411 questions
12
votes
2 answers

Firebase - How to write/read data per user after authentication

I have tried to understand but not able to see how and where might be the data I am storing after login is going. public static final String BASE_URL = "https://xyz.firebaseio.com"; Firebase ref = new Firebase(FirebaseUtils.BASE_URL); …
Mithun
  • 2,075
  • 3
  • 19
  • 26
12
votes
1 answer

Is Firebase really Secure?

I'm looking into using Firebase for a project that's otherwise a static site with js. Is it possible to secure the connection to the database in a static site? Wouldn't all security rules, the end point url, etc all be exposed in the js code letting…
Kombo
  • 2,371
  • 3
  • 34
  • 64
12
votes
1 answer

how to make sure only my own website (clientside code) can talk to Firebase backend?

I've read about Firebase and it looks awesome for what I want to do. I've read about authentication and how based on rules certain logged-in users are authorized to do different stuff. Al good. However, I'm unsure about another type of security:…
Geert-Jan
  • 18,623
  • 16
  • 75
  • 137
12
votes
1 answer

Many-to-many using Firebase

Lets say I have two kinds of objects users and accounts. Users can have many Accounts and share them with other Users. So AccountA might be available to User1 and User2. While AccountB is only available to User1. So User1 has two accounts, and User2…
rmontgomery429
  • 14,660
  • 17
  • 61
  • 66
11
votes
1 answer

Is it possible to add comments to Firebase Firestore rules?

I've been unable to find anything in the docs that say whether you can add comments, i.e. rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { match /{document=**} { // Testing the removal of this line: …
Djave
  • 8,595
  • 8
  • 70
  • 124
11
votes
3 answers

firebase firestore rules authenticated access to all collections except one

I have the following firestore structure, basically 3 collections publicdata protecteddata1 protecteddata2 I want to have protecteddata1 and protecteddata 2, and really the entire firestore database as authenticated users only. But i want the…
GMan
  • 444
  • 1
  • 11
  • 24
11
votes
2 answers

Firebase Storage Security Rules for Groups

I know there are several questions regarding this (e.g. https://stackoverflow.com/a/52808572/3481904), but I still don't have a good solution for my case. My application has Groups, which are created/removed dynamically, and members (users) can be…
ernewston
  • 923
  • 6
  • 22
11
votes
1 answer

Firestore Rules - Datatype Validation

I've read multiple questions in Stack Overflow and the documentation but I couldn't find multiple validations that I can imagine that exist. Per example, it is possible to check if request.resource.data.description is string but can is it possible…
André
  • 703
  • 1
  • 6
  • 18
11
votes
1 answer

Can't get Firestore Rules get() to work inside a function

Firestore doesn't work well with get inside a function I have this rule service cloud.firestore { match /databases/{database}/documents { function isProjectOpenForAssign() { return…
Gal Bracha
  • 19,004
  • 11
  • 72
  • 86
11
votes
2 answers

How to set Firestore security rules? resource.data: Null value error

I need some help making my security rules for firestore work. These are my firestore rules: service cloud.firestore { match /databases/{database}/documents { match /orders/{orderID} { allow read, update: if request.auth.uid ==…
Mohd Imran
  • 113
  • 1
  • 6
11
votes
1 answer

Firebase Rules: How to block anonymous access?

Reading the Firebase Rules Documentation I couldn't find anything on how to block anonymous access to a specific collection or document. In other words, I want to block users who are not logged in, and I also want to block users who are logged in as…
Eduardo Yamauchi
  • 821
  • 7
  • 25
11
votes
1 answer

Firebase firestore not updating email verification status

I have my security rules setup like so (in firestore console). service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read: if request.auth.uid != null && request.auth.token.email_verified; …
3366784
  • 2,423
  • 1
  • 14
  • 27
11
votes
2 answers

Firestore security rules with reference fields

I am a bit stuck here as there is no way to debug those rules. I'd appreciate help with below rules. I want to access: /modules/module-id/sessions/session-id/parts/ The comparison with null in the first part of hasCompletedPrerequisiteSession()…
toto11
  • 1,552
  • 1
  • 17
  • 18
11
votes
4 answers

Firebase permission-denied

I'm a newbie in firebase. How do I get through this below rule? service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } } I've tried to change the rule to below, { …
user3415167
  • 1,013
  • 2
  • 13
  • 23
11
votes
1 answer

Is it possible to integrate Firebase Auth with an external SQL database?

I would like to use Firebase Auth to authenticate mobile phone clients, but I have an existing PostgreSQL database with lots of functions and triggers that I do not want to convert to NoSQL. Is it possible to authenticate users with Firebase and…
nomad
  • 1,699
  • 5
  • 21
  • 35
1 2 3
99 100