Firebase Database Security

0
votes

I'm new to Firebase database so I have a questions concerning the database.

My database rules so far is public like this:

  "rules": {
    ".read": "auth == null",
    ".write": "auth != null"
  }

I want the access to my database info (read and write) to be only for my application. I want to make my firebase to only allow read and write instructions if the appID or BundleIdentifier or something that identifies that it is my app who's trying to operate.

Is it possible? I don't want to use Firebase user authentication. With the configurations I have so far is it possible for anyone in the world to access my database?

1
firebasefirebase-realtime-databasefirebase-security

1 Answers

2
votes

It's not possible to use the app's ID with Realtime Database security rules. The list of properties you can use in rules is documented here.

Also, if you want to allow full read access to your database, consider also saying this:

"rules": {
    ".read": true
}

What you have now ".read": "auth == null", only allows read access if you are not authenticated. Authenticated users would not be able to read, which doesn't sound helpful.