Simple protections for write access Firebase Realtime Database

0
votes

I need a simple way to stop anyone from copying the code below into their inspector tool to add false scores. There are no users, I just want to restrict write access from the browser. Is there a way to do this with security rules in Firebase Realtime Database? Right now I just have ".read": true, ".write": true, and validations.

        firebase
          .database()
          .ref("scores")
          .push({
            name: name,
            score: score
          });
1
javascriptfirebase-realtime-databasefirebase-security

1 Answers

1
votes

If you want to limit write access to only the users signed into your app/project with Firebase Authentication (including anonymous users), your write rule should minimally contain what's suggested in the documentation:

".write": "auth != null"