Firebase your realtime database has insecure rules warning

0
votes

I have a website that uses Firebase Realtime Database. It usually sends me e-mail about insecure rules warning. I searched about this here and Firebase Documantation, but when I write other rules, it gives me such error:

Error saving rules - Line 10: String can't contain ".", "#", "$", "/", "[", or "]"

{
  // Allow anyone to read data, but only authenticated content owners can
  // make changes to their data

  "rules": {
    "some_path/${uid}": {
      ".read": true,
      // or ".read": "auth.uid != null" for only authenticated users
      ".write": "request.auth.uid == uid"
    } SHOWS ME ERROR IS HERE.
  } 
}

I am using this rules for now:

{
  "rules": {
    ".read": true,
      ".write": false
  }
}

enter image description here

here is one picture that I try one of other rules called Mixed public and private access.

I will be very glad if anyone can help me.

1
firebase-realtime-databasefirebase-security
Can you edit your question to show a screenshot of the error message in the Firebase console?Frank van Puffelen
In the rule below it is not giving an error, but after I publish that rule I cannot get any data from Realtime Database.Ozan Bilgiç
You didn't apply the change from @sarthak's answer, which is definitely a mistake in your rules.Frank van Puffelen
I tried @sarthak's answer again yesterday, and it accepted. I got an insecure rules e-mail again and now it says: We've identified the following issues with your security rules: any user can read your entire databaseOzan Bilgiç
You're welcome. Given that sarthak identified the first problem in their answer, don't forget to upvote or accept that answer too.Frank van Puffelen

1 Answers

2
votes

The syntax does not seem correct to refer to a child resource, check below syntax to achieve the desired effect

{
  "rules": {
    "some_path": {
      "$uid": {
        ".write": "$uid === auth.uid"
      }
    }
  }
}

https://firebase.google.com/docs/database/security