firebase-security-rules

How do I implement a write rate limit in Cloud Firestore security rules?

阅读更多关于 How do I implement a write rate limit in Cloud Firestore security rules?

问题 I have an app that uses the Firebase SDK to directly talk to Cloud Firestore from within the application. My code makes sure to only write data at reasonable intervals. But a malicious user might take the configuration data from my app, and use it to write an endless stream of data to my database. How can I make sure a user can only write say once every few seconds, without having to write any server-side code. 回答1: Every read or write operation to your database, is validated on Google's

Allow update on single field in firestore

阅读更多关于 Allow update on single field in firestore

问题 I want to give a user the right to update a document. But ONLY if the user updates one specific field of this document. All other fields shouldn't be changed by this user. Is this possible in firestore? I tried something like this: function isUpdateToOpenField(attr) { return attr == get(/databases/$(database)/documents/stores/$(store)).data.open; } allow update: if isUpdateToOpenField(request.resource.data); But I don't know how to compare if the update corresponds to the right field. 回答1:

Firebase email saying my realtime database has insecure rules

阅读更多关于 Firebase email saying my realtime database has insecure rules

问题 I recently received an email from firebase telling me that my realtime database has insecure rules. These are the rules that I have set: { \"rules\": { \".read\": \"auth != null\", \".write\": \"auth != null\" } } Is this not a secure rule? Email/Password is the only sign-in method that I have enabled. 回答1: firebaser here I'm sorry if the email wasn't very explicit about what isn't secure about those rules. Securing your user's data is a crucial step for any app that you make available, so I

Firebase chat app setValue failed error with a public database?

阅读更多关于 Firebase chat app setValue failed error with a public database?

I have a chat app using Firebase that keeps on having a setValue at x failed: DatabaseError: permission denied error every time I type a message. I set my Database to be public already: service cloud.firestore { match /databases/{database}/documents { match /{allPaths=**} { allow read, write: if request.auth.uid != null; } } } Is it something from within my chat reference? private void displayChat() { ListView listOfMessage = findViewById(R.id.list_of_message); Query query = FirebaseDatabase.getInstance().getReference(); FirebaseListOptions<Chat> options = new FirebaseListOptions.Builder<Chat>

Firebase chat app setValue failed error with a public database?

阅读更多关于 Firebase chat app setValue failed error with a public database?

问题 I have a chat app using Firebase that keeps on having a setValue at x failed: DatabaseError: permission denied error every time I type a message. I set my Database to be public already: service cloud.firestore { match /databases/{database}/documents { match /{allPaths=**} { allow read, write: if request.auth.uid != null; } } } Is it something from within my chat reference? private void displayChat() { ListView listOfMessage = findViewById(R.id.list_of_message); Query query = FirebaseDatabase