Android config firebase realtime database rule for normal user access

0
votes

My application has integrated Chat feature using Firebase Realtime DB for storing chat content. Recently, I received the email has content:

[Firebase] Your Realtime Database ***** has insecure rules

My app's using authentication by server-side without integrating Firebase Authen. So, if I set the read/write rules to false, the normal user can not chat. How to resolve this issue? Thanks!

{
  "rules": {
    ".read": false,
    ".write": false
  }
}
2
androidfirebasefirebase-realtime-databasefirebase-security

2 Answers

1
votes

Making read and write public is not a good idea . For server side you are good to go with admin sdk. But form client end you should use some kind of authentication. You can use Authentication available with credentials, Anonymous authentication or custom token authentication. Rules will be like :-

{
 "rules": {
".read": "auth !== null && auth.uid !== null",
".write": "auth !== null && auth.uid !== null"
 }
}
0
votes

If you are making the user sign-in before accessing the database, change the rules to..

".read" : "auth != null",
".write" : "auth != null"

This will let the, authenticated users to access the database.