cycleplanet / cycle-planet

Official Cycle Planet repo, an open source and non-profit network of long distance cyclers and those who want to host them.
https://cycleplanet.org/
MIT License

Security rules only chats #4

Closed reinierl closed 3 years ago

reinierl commented 3 years ago

This makes it so that people, even if they are determined and tech-savvy, cannot read other people's chats.

The file database.rules.json in the project root that's added in this pull request contains Security Rules that describe who can read and write what to the Firebase Realtime Database.

This file is referenced from firebase.json. It can be deployed to Google's servers by doing npm run deploy-security-rules. Only people with the appropriate permissions on the Cycle Planet project in Firebase can do this.

After that, Google's servers will reject any write or read that is not permitted by these rules. As the check against the rules is executed on the server, no amount of playing around with the JavaScript console or altering the source code should allow people to get around this check. Only admins of the Cycle Planet project can work around the security rules, either by using the UI of the Firebase Console or by deploying new Security Rules.
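The PR does not show the contents of its `database.rules.json`, so the following is an added, illustrative rules file written for this review, not the project's own. It assumes a data layout of `/chats/$chatId/members/$uid: true` and `/chats/$chatId/messages/$messageId/{from, text, ts}` (both assumed, not taken from the repo), and shows the pattern the description relies on: a default deny at the root, a read/write grant only for authenticated users whose uid is listed as a member of that particular chat, and `.validate` rules so a member cannot post a message under someone else's uid. Firebase's rules loader accepts `//` comments, which strict JSON does not.

```json
{
  "rules": {
    // Default deny: nothing outside the paths below is readable or writable.
    // RTDB grants cascade downward, so never put ".read": true at this level.
    ".read": false,
    ".write": false,

    "chats": {
      "$chatId": {
        // Read: must be signed in and listed under this chat's members (assumed layout).
        ".read": "auth != null && data.child('members').child(auth.uid).val() === true",

        // Write: an existing member may write; a brand-new chat may be created only
        // if the creator lists their own uid as a member in the same write.
        ".write": "auth != null && ((data.exists() && data.child('members').child(auth.uid).val() === true) || (!data.exists() && newData.child('members').child(auth.uid).val() === true))",

        "members": {
          // Membership flags are booleans only; no free-form data can be smuggled here.
          "$uid": { ".validate": "newData.isBoolean()" }
        },

        "messages": {
          "$messageId": {
            // A message must carry from/text/ts, and 'from' must be the caller's own uid,
            // so a member cannot impersonate another participant.
            ".validate": "newData.hasChildren(['from', 'text', 'ts']) && newData.child('from').val() === auth.uid",
            "from": { ".validate": "newData.isString()" },
            "text": { ".validate": "newData.isString() && newData.val().length > 0 && newData.val().length <= 2000" },
            "ts":   { ".validate": "newData.isNumber()" },
            // Reject any child not listed above.
            "$other": { ".validate": false }
          }
        },

        // Reject unknown children of a chat.
        "$other": { ".validate": false }
      }
    }
  }
}
```

For the file to be picked up by deployment, `firebase.json` must point at it with a `"database": { "rules": "database.rules.json" }` entry, and a script such as the PR's `npm run deploy-security-rules` would wrap `firebase deploy --only database` (the exact script body is not shown on this page, so that mapping is an assumption). Two caveats a reviewer would check: the `.write` grant at `$chatId` also lets any member delete or rewrite the whole chat, including its `members` list, so membership changes should be narrowed further if that matters; and `.validate` rules do not apply when data is deleted, so deletions are governed by `.write` alone.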

reinierl commented 3 years ago

Btw, I have also taken the liberty of deploying the rules in this form already :D