Open androidovshchik opened 5 years ago
@fritexvz Sorry, but this is a very, very bad config) Is there anything more secure?
True said. You can use it for debug and testing.
But, regarding the security, this one is the most suitable:
DB

```json
{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}
```

STORAGE

```
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if request.auth != null;
    }
  }
}
```
Description: Account has to be signed-in, with one or more enabled options available on Firebase Sign-in method tab.
Full link: https://stackoverflow.com/questions/42101663/firebase-database-secure-without-firebase-auth
With the above rules you cannot even read the JSON file with a basic HTTP URL, as explained here (REST API), without an authenticated user: https://firebase.google.com/docs/reference/rest/database#section-param-download
I suppose you are using Realtime Database? I am not yet familiar with Firestore.
Use Realtime Database: click on the dropdown that says "Cloud Firestore" and choose Realtime Database.
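An added example, not part of the thread or of the project's code: a small audit that walks a Realtime Database rules file and reports which paths are open without sign-in and which are gated on `auth`, so the difference between a debug config and the `auth != null` rules above can be checked before deploying. The sample rule sets, the function names and the `"auth" in expr` heuristic are assumptions made for illustration, and the input is assumed to be strict JSON without comments.

```python
import json

# Constructed sample rule sets (not taken from the thread's repository).
OPEN_RULES = '{"rules": {".read": true, ".write": "true"}}'
AUTH_RULES = '{"rules": {".read": "auth != null", ".write": "auth != null"}}'
MIXED_RULES = '''{"rules": {
  ".read": "auth != null",
  "public": {".read": true},
  "users": {"$uid": {".write": "auth != null && auth.uid === $uid"}}
}}'''

def classify(expr):
    """Classify one .read/.write value by who it admits."""
    if expr is True or (isinstance(expr, str) and expr.strip() == "true"):
        return "open"          # anyone, including unauthenticated REST clients
    if expr is False or (isinstance(expr, str) and expr.strip() == "false"):
        return "denied"
    if isinstance(expr, str) and "auth" in expr:
        return "auth-gated"    # heuristic: the expression refers to auth
    return "review"            # some other condition; needs a human look

def audit(rules_json):
    """Return sorted (path, operation, classification) for every .read/.write rule."""
    findings = []

    def walk(node, path):
        for key, value in node.items():
            if key in (".read", ".write"):
                findings.append((path or "/", key[1:], classify(value)))
            elif isinstance(value, dict):
                walk(value, f"{path}/{key}")

    walk(json.loads(rules_json)["rules"], "")
    return sorted(findings)

def world_accessible(rules_json):
    """Paths readable or writable without signing in. Grants cascade to all
    child paths, so each hit exposes the whole subtree below it."""
    return [(p, op) for p, op, verdict in audit(rules_json) if verdict == "open"]

if __name__ == "__main__":
    for name, rules in [("open", OPEN_RULES), ("auth", AUTH_RULES), ("mixed", MIXED_RULES)]:
        print(name, audit(rules), "world-accessible:", world_accessible(rules))
```

An `auth-gated` result only means the rule requires a signed-in account; it admits every sign-in method enabled for the project, so per-user conditions such as the constructed `$uid` rule are still needed to separate one user's data from another's.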