firebase-security

问题 I have some concerns about using Firestore directly from mobile clients. I saw that with Firestore, mobile app is controls to db directly. There is only db side control is rules. However I am not yet understand how can I resolve my concerns. I worrying because with decompiling app or any other ways maybe someone can access maliciously. To resolve my concerns and improve the security I want to: Limit access per time for user. For example if some one writes or reads db 30 second ago I want to

问题 I would like to use data in the realtime database to allow user access in the firestore database. Is it possible to reference nodes in the realtime database from the firestore security rules? 回答1: It is currently not possible to cross between database products like this in security rules. Please feel free to file a feature request for this. You can, however, write code to run on Cloud Functions that deals with database changes after the change has happened, and undo or restrict the change

问题 I'm sure I'm missing something wrt Firebase Storage rules, but I've done the following: STEP 1 Firstly I set the following Firebase Storage rule: service firebase.storage { match /b/{bucket}/o { match /items/{dev_key}/{perm_id}/{file_name} { allow write: if request.auth.uid == dev_id; allow read: if request.auth.token.permId == perm_id; } } } I expected only signed in users with a custom claim permId matching the relevant location to be able to download the file, allow read: if request.auth

问题 I am confused with index rules in firebase. I have this database and I wanted to extract distance_traveled in battery_and_cables . The thing is, 1 is something like a userID set by the user itself so that will vary. I used this code in pyrebase to extract the distance_traveled db.child("mileage_maintenance").order_by_child("distance_traveled").get() but I get Index not defined, add ".indexOn": "distance_traveled", for path "/mileage_maintenance", to the rules This is my database: Any my rules

问题 I am confused with index rules in firebase. I have this database and I wanted to extract distance_traveled in battery_and_cables . The thing is, 1 is something like a userID set by the user itself so that will vary. I used this code in pyrebase to extract the distance_traveled db.child("mileage_maintenance").order_by_child("distance_traveled").get() but I get Index not defined, add ".indexOn": "distance_traveled", for path "/mileage_maintenance", to the rules This is my database: Any my rules

问题 I am confused with index rules in firebase. I have this database and I wanted to extract distance_traveled in battery_and_cables . The thing is, 1 is something like a userID set by the user itself so that will vary. I used this code in pyrebase to extract the distance_traveled db.child("mileage_maintenance").order_by_child("distance_traveled").get() but I get Index not defined, add ".indexOn": "distance_traveled", for path "/mileage_maintenance", to the rules This is my database: Any my rules

问题 Recently found out the database rules can be set to validate whether the database already have the same data but currently it just accepted same data to insert but how to validate and prevent same input of username and email? { "rules": { ".read": true, ".write": true, "username":{ ".validate": "!root.child('username').child(newData.val()).exists()" }, "email":{ ".validate": "!root.child('email').child(newData.val()).exists()" } } } The root child is created by email authentication uid and

问题 Recently found out the database rules can be set to validate whether the database already have the same data but currently it just accepted same data to insert but how to validate and prevent same input of username and email? { "rules": { ".read": true, ".write": true, "username":{ ".validate": "!root.child('username').child(newData.val()).exists()" }, "email":{ ".validate": "!root.child('email').child(newData.val()).exists()" } } } The root child is created by email authentication uid and

问题 I have documents in firestore collection called 'inventories' of the following structure: { creator: string, images: string[], } the creator field is the uid of the user who created the document. In my firestore rules section I have the following rules: service cloud.firestore { match /databases/{database}/documents { match /inventories/{inventoryid} { allow read, write: if request.auth.id == resource.data.creator; } } } In my ionic application I do the following: this.inventoryCollection =

问题 This question already has answers here : Firebase Security Rules Storage from specific web url (2 answers) Closed 5 months ago . I am building the application which uses the Fiberbase Storage, I do not want the user to log in or signup, just allow them to upload files through my website only. I don't want others to copy the Firebase config key and use in their website to upload a file on my firebase account, so I want to set up some rules which will restrict access over the certain domain 回答1