+ 1
IMPORTANT: How to change my security rules to this in firebase?
I have a database in firebase which holds my newsletter subscribers info. This is private information so I obviously can't allow full read and write access. The user should only be able to write to my database if they are on a certain domain name. For example, they can only write to the database if they are on let's say google.com. The only person who can read the database should be me when I'm signed into my google account. How do I implement these security rules? Btw this is firebase for web.
8 Answers
+ 2
Hira A đ©đ»âđ» Thanks for tagging.
They can edit the header to deceive the server of a fake domain name.
Use the Firebase Auth API.
Firebase Authentication Tutorial Series, by The Net Ninja
https://www.youtube.com/playlist?list=PL4cUxeGkcC9jUPIes_B8vRjn1_GaplOPQ
+ 1
You could change it via settings tab in firebase
0
Mayank Gupta I know that, I'm asking how to change it to what I want.
Like read: should be only for me
And write should only be for people on a certain url
0
Gordon can you try solving my question pls?
0
Gordon Thanks for answering, I guess I'll have to put a sign up form đ€š
0
Gordon But what if I didn't put a sign up form and the user can just enter their email to write to the db? I'll limit the requests to only my website by using google api keys dashboard. Do you think it will still be vulnerable to attackers?
0
Sorry I am not knowledgeable in this aspect.
0
Gordon K thanks for your help