I'm so glad you're going to be doing a series on this. After all the tough times I have had over the years with Firebase security. I could request you to make 1 thing easier by way of example. I see loads of developers getting stuck at using the simulator to simulate a token with Custom Claims. I mean an example of the JSON that needs to be put in that simulators textbox, that acts as the token carrying the Custom Claims. And i have 1 question: How do we understand the charges for Rules ?.. I mean we have an idea about Database Read/Writes, but Rules? Is it cheaper than using a CloudFunction to Validate or restrict data?
Is Cloud Firestore a good selection for a bank account? Can it be safe and reliable to save people's money which is a number to the Cloud Firestore? My concern is reliability and security. Any suggestions?
Hi friends, how do you secure data as follows. I have notes product:{ data1: { idMaker: 123abc, .... }, data2: { idMaker: 123abc, .. }, ... } .What I want: all users can set() provided it has child: "name". and only users whose idUser is the same as idMaker can delete. please answer
Okay, so why basic security rule examples Google provided don't meet the criteria? I set my database to be readable by anyone, but allow everything else by only authorized users. Yet, I keep getting those warning letters.
I just wanted to check if you could only allow access to firestore from my app domain using security rules, you say rules do not control that. Thanks. Shame though.
The team is pretty responsive about fixing those differences. If you report it to Firebase support, they will escalate to engineering if they're able to reproduce it. support.google.com/firebase/contact/support
The local emulator is still in beta, meaning it's likely to change in ways that might break in the future. So, we're going hold off on video content until things settle down, so we don't spin up a bunch of effort on a video that becomes obsolete too soon. (It's time-consuming and expensive to make these things!)
i have a application for mobile where the client can registered and login ... i want firebase data only readable and writeable for me non others .. so that i can handle all clients in database .. because i m the owner of my app.. what rules i should set please send me the example ..
Hi brother can u help me pls. I have this security rules for an ecommerce site but why is it that the products are not showing unless I do allow access top the shallowest match path. This line below, knowing if I allow read access to this line then everyone can read all my documents even those I want to set private. match /{document=**} { allow read if false; // I have to set this to true before all products for selling by all users are displayed then I cannot do selective securty if I do set it to true since everything is allowed to be read rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read,create,update,delete: if false; match /users/{uid}{ allow read; allow update:if request.auth.uid == uid; match /users/{uid}/products { allow read; allow create: if request.auth.uid != null; match /users/{uid}/products/{product}{ allow read; allow create: if request.auth.uid != null; allow delete,update: if request.auth.uid == uid; } } } } } }
Great! Could you please aleborate more on how to use anonymous UID? How does the user's UID should look like when he has just started and is in anonymous state? Which ID to use to upload his data to the Real-time DB?
There will be future videos about using the UID, so stay tuned for that. There is just the one UID per Firebase Auth account. It doesn't change if you later allow the user to link another auth provider account to their Firebase Auth account.
Some of the data from google-services.json is compiled into the app as string resources that get read by the Firebase SDK. It's all essentially public information. As long as you're using Firebase Authentication and security rules properly, there shouldn't be any issues.
@@dougstevenson3769 i am warrid to some one can be change my firebase data if it possible , like - haker devlop new app and make my data change. thanks
