+ 1

IMPORTANT: How to change my security rules to this in firebase?

I have a database in firebase which holds my newsletter subscribers info. This is private information so I obviously can't allow full read and write access. The user should only be able to write to my database if they are on a certain domain name. For example, they can only write to the database if they are on let's say google.com. The only person who can read the database should be me when I'm signed into my google account. How do I implement these security rules? Btw this is firebase for web.

20th Sep 2020, 1:43 AM
Coder
Coder - avatar
8 Réponses
+ 2
Hira A 👩🏻‍💻 Thanks for tagging. They can edit the header to deceive the server of a fake domain name. Use the Firebase Auth API. Firebase Authentication Tutorial Series, by The Net Ninja https://www.youtube.com/playlist?list=PL4cUxeGkcC9jUPIes_B8vRjn1_GaplOPQ
20th Sep 2020, 4:34 PM
Gordon
Gordon - avatar
+ 1
You could change it via settings tab in firebase
20th Sep 2020, 10:18 AM
Mayank Gupta
Mayank Gupta - avatar
0
Mayank Gupta I know that, I'm asking how to change it to what I want. Like read: should be only for me And write should only be for people on a certain url
20th Sep 2020, 12:33 PM
Coder
Coder - avatar
0
Gordon can you try solving my question pls?
20th Sep 2020, 4:32 PM
Coder
Coder - avatar
0
Gordon Thanks for answering, I guess I'll have to put a sign up form 🤨
20th Sep 2020, 5:31 PM
Coder
Coder - avatar
0
Gordon But what if I didn't put a sign up form and the user can just enter their email to write to the db? I'll limit the requests to only my website by using google api keys dashboard. Do you think it will still be vulnerable to attackers?
20th Sep 2020, 5:36 PM
Coder
Coder - avatar
0
Sorry I am not knowledgeable in this aspect.
21st Sep 2020, 6:47 AM
Gordon
Gordon - avatar
0
Gordon K thanks for your help
21st Sep 2020, 12:03 PM
Coder
Coder - avatar