firebase-security

问题 I'm trying to secure requests to a collection to allow any single get , but to allow list only if a specific key is matched. Database structure is like this: posts post1 content: "Post 1 content" uid: "uid1" post2 content: "Post 2 content" uid: "uid1" post3 content: "Post 3 content" uid: "uid2" The Firestore query I'm making from Vue: // Only return posts matching the requested uid db .collection("posts") .where("uid", "==", this.uid) The security rules I'd like to have would be something

问题 I have security rule write like this : /databases/{database}/documents { match /collection_COUNTRY_EN/{docId} { allow.... } match /collection_COUNTRY_ES/{docId} { allow... } } Where the rule are identical to all the country. Is there a way to implement regex in the match /path to have the same rule for all the collection that start with something and end with a country code ? Or does i have to structure my data in a different way ? Thanks for your time. 回答1: Security rules do not support

问题 This question already has answers here : Is there any way to give everyone access to firestore database, but only via app? (1 answer) How can I set Rules in Firebase so that only my app can write on my database firestore? (1 answer) Closed 7 months ago . I am making a mobile app with Firestore and React Native. There is no authentication system and upon starting the app, the user download a collection from Firestore. rules_version = '2'; service cloud.firestore { match /databases/{database}

问题 I'm developing an app that doesn't require logging in because there isn't any user-specific data. My original plan was to just make my entire database be read only. However, upon doing some research, I found that those security rules would leave my database very vulnerable. My new plan is to implement anonymous authentication for each new user that opens my app and then delete that user once they exit my app. The security rule would be just to allow reading if the user is authenticated. Is

问题 I am working on a banking app using firebase cloud firestore. I have already set the rules like so: // Allow read/write access on all documents to any user signed in to the application service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read, write: if request.auth.uid != null; } } } My database is structured like this: /consumers/{consumer_id}/transactions/{transaction_id} the {consumer_id} will contain the account balance for that consumer along

问题 Right now, in my Firestore rules only registered users have read / write access to my project. However, I also want to verify in my registration process if an E-Mail already exists, which means also anonymous user have access to my "users" data. I am unsure how this is compliant from a security perspective. Should I create something like a "emails" collection and duplicate all E-Mail addresses here and allow anonymous users to query this? 回答1: Yup, that is indeed the typical approach.

问题 I want to set the security rules of the storage to be that only data that send from my web (specific web url) can be stored. Otherwise no one can write and read. this is my code: service firebase.storage { match /b/{bucket}/o { match /{allPaths=**} { allow read, write: if true; } } } but this allows any one to store data. How can I restrict this to my url? 回答1: In addition to Frank's reply. You can use Firebase authentication with anonymous user, so you can create one transparently when a

问题 I am creating Android application with Firestore. My app does not require authentication. Is there any security rule to allows everyone read & write to firestore, but only via my app? I have tried to find some rules, but each of them based on authentication. Thank you for your help! 回答1: No, you can't limit access to your Cloud Firestore only to your application. Since your application needs to know all the details that are needed to access the database, a malicious user can take those

问题 I am creating Android application with Firestore. My app does not require authentication. Is there any security rule to allows everyone read & write to firestore, but only via my app? I have tried to find some rules, but each of them based on authentication. Thank you for your help! 回答1: No, you can't limit access to your Cloud Firestore only to your application. Since your application needs to know all the details that are needed to access the database, a malicious user can take those

问题 New to Firestore security rules and is trying to understand it. I'm trying to write a security rule that allow only admins in my collection to write data and every one to read it. The collection of admins has document ids as admin names, that is for example, "Mary Lane". Within the documents I've fields: email: "userMailId@mail.com" uId: "firestore_user_Id" The uId is the id of Firestore user id. The data to write is an object Message and is: new Message(uId, title, messageBody, timestamp)