Basic Firebase Security Rules for Sketchware Apps


Welcome to our special page which is very important to increase security of your firebase apps, it will help to minimize threats on your server. It is recommended to learn firebase very well i.e. how to handle huge data in more efficient way before security rules.

Firebase Real-time Database:

1. No Security:

{
  "rules": {
    ".read": true,
    ".write": true
  }
}
}

2. Close server (No access):

{
  "rules": {
    ".read": false,
    ".write": false
  }
}

3. Only Authenticated Users can read & write the data:

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

4. Only user can read & write his own data:

{
  "rules": {
    "posts": {
       "$uid": {
         ".read": "$uid === auth.uid",
         ".write": "$uid === auth.uid"
       }
     }
   }
}
You should also make sure that the keys of user data should be authenticated UID otherwise it won't work.

5. Only Admins can read & write the data:

{
 "rules":{
   "announcements":{
    ".read": true,
    ".write": "root.child('badges/admin/' + auth.uid).exists()"
        }
    }
}


6. Only Particular User can write:

{
 "rules":{
    ".read": true,
    ".write": "auth.uid == 'pasteYourUID' "
      }
}


7.  Only Users having verified emails can write:

{
"rules":{
    ".read": true,
    ".write": "auth.token.email_verified === true"
}

FIREBASE STORAGE RULES WILL BE ADDED LATER AFTER TESTING IT
If you have more rules idea, please comment on the post, it will help lot of users.
Sources: 

6 comments:

  1. how do I encrypt all my firebase

    ReplyDelete
    Replies
    1. There are lot of Moreblocks available in Sketchware. It is recommended to encrypt your data with random password.

      Delete
    2. This Encryption method might helped you : https://en.wikipedia.org/wiki/Public-key_cryptography

      Delete
  2. Replies
    1. Please you can't understand properly without testing them.

      Delete
    2. Sorry, I understood from the beginning, only some were not very clear.

      Delete

Powered by Blogger.