Firebase Firestore email regarding insecure rules

0
votes

So I recieved a firebase firestore mail today saying:

Firebase: Your Cloud Firestore database has insecure rules

We ve detected the following issue(s) with your security rules: any user can read your entire database

Because your project does not have strong security rules, anyone can access your entire database. Attackers can read all of your data, and they can drive up your bill. Analysis is run daily. If you've modified your rules in the last 24 hours that may not be accounted for.

Is this a warning or is it compulsory to add authentication to my project? I want anyone to be able to read my Firestore database.

1
firebasesecuritygoogle-cloud-firestorefirebase-security

1 Answers

0
votes

This is a warning. You can set rules according to your requirement. However, it is recommended that you secure your database with some sort of rules so that no one can steal your data. For more info read this: Firebase rules

So according to this page in firebase documentation, it is written that "Not recommended: Read and write access to all users." .But nowhere they have mentioned that it is a must.

You can use time rule which has a timestamp as a restriction.

   rules_version = '2';
    service cloud.firestore {
    match /databases/{database}/documents {
        match /{document=**} {
  allow read: if request.time < timestamp.date(2021, 12, 1);
     }
      }
        }