cgerling / booktionator

Your custom book trade platform
https://booktionator.firebaseapp.com/
MIT License

Hardening Firebase Rules #63

Closed omer88 closed 6 years ago

omer88 commented 6 years ago

Fixes #62. You can view the security issue in this report.

Solution

I removed the rule ".write": "auth != null && newData.child('author').val() == auth.uid" from /books/$book_id/offers/$offer_id since it was useless, and instead added the author check to the validation rule, because validation rules are not cascading.

An analysis of the fixed rules can be seen here.
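
Added example, not part of the original thread or the project's code: a simplified JavaScript model of why the author check has no effect in the offer's .write rule but is enforced once it sits in .validate. The parent .write rule (auth != null on /books/$book_id), the predicate names and the sample users are assumptions; only the offer rule's author check comes from the pull request.

```javascript
// Simplified model of Realtime Database write authorization (constructed for
// illustration; this is not the Firebase rules engine). Each rule is a JS
// predicate (auth, newData) => boolean standing in for a rule string.
const signedIn = (auth) => auth !== null;
const authorIsCaller = (auth, newData) => auth !== null && newData.author === auth.uid;

// "Before": the author check is the offer's .write rule.
// Assumption: a broader .write on the parent book node already grants access.
const rulesBefore = {
  books: { $book_id: {
    ".write": signedIn,
    offers: { $offer_id: { ".write": authorIsCaller } },
  } },
};

// "After": the offer's .write is removed and the check moves into .validate.
const rulesAfter = {
  books: { $book_id: {
    ".write": signedIn,
    offers: { $offer_id: { ".validate": authorIsCaller } },
  } },
};

// Collect rule nodes from the root down to the written path ($keys are wildcards).
function nodesOnPath(rules, path) {
  const nodes = [rules];
  let node = rules;
  for (const segment of path) {
    const wildcard = Object.keys(node).find((k) => k.startsWith("$"));
    node = Object.hasOwn(node, segment) ? node[segment] : node[wildcard];
    if (!node) break; // no rules defined below this point
    nodes.push(node);
  }
  return nodes;
}

function canWrite(rules, path, auth, newData) {
  const nodes = nodesOnPath(rules, path);
  // .write cascades: a grant at any ancestor applies to every descendant,
  // so a stricter .write deeper in the tree cannot take it back.
  const granted = nodes.some((n) => n[".write"] && n[".write"](auth, newData));
  // .validate does not cascade: the written node's own check must still pass.
  // (Simplification: only the written node's .validate is modelled here.)
  const target = nodes.length === path.length + 1 ? nodes[nodes.length - 1] : {};
  const valid = !target[".validate"] || target[".validate"](auth, newData);
  return Boolean(granted && valid);
}
```

With the "before" rules, a signed-in user can store an offer whose author field names someone else; with the "after" rules the same write is rejected.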

cgerling commented 6 years ago

For sure I'm merging your changes, thanks for the analysis.