In Firebase security rules how can you stop hackers running a script for signup to your website? bare in mind I need them to be able to signup

Question

In Firebase security rules how can you stop hackers running a script for signup to your website? bare in mind I need them to be able to signup externally on my homepage so I

Answer 1

You want to allow users to write, but only to their own user entry. That's actually easy to do with rules:

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ". write": "auth != null && auth.uid == $uid"
      }
    }
  }
}

This says /user/{$uid} can only be read or written by a user who is signed in, and who's user ID matches the {$uid} part of the path. Take a look at the rules quickstart for more.