If I were to build a site without database interaction (no login on the site) with firebase. Do I need to change default security rules that looks like this:
{
"rules": {
".read": true,
".write": true
}
}
This red exclamation sign in the security & rules section says that I better write some security rules. So the question is, is it safe to leave this as is if you don't use login/signup ?
The thing is, FireBase has changed a lot. The new admin area has predefined security measures in place. So, you don't really have to worry about that anymore.
The default set of rules are
{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}
And in case you want to open them up for both read and write permissions, you can roll back to
{
"rules": {
".read": true,
".write": true
}
}