Restricting Firebase read/write access to only myself
I have a static website which runs:
config =
apiKey: "HIDDEN"
authDomain: "HIDDEN"
databaseURL: "HIDDEN"
storageBucket: ""
firebase.initializeApp(config)
in the browser (it's compiled to javacript) to authenticate with Firebase's server.
Am I confused here? Is this a valid way to authenticate with Firebase from the browser? I got the code from their "web" tutorial, so I'm figuring it is.
Now, I need to configure my Firebase database rules so that me and only me can read & write it.
How could I accomplish this? Would this example be adequate?
this is the given example for allowing read/write to authenticated users only
{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}
The firebase.initializeApp(config) does not authenticate you, it merely identifies your project on the Firebase servers. It's the equivalent that you must know your home address to be able to know where to go after work. Knowing the address is a prerequisite, but it is not enough to gain access.
If you want to restrict data access to "just you", that means that you must first identify yourself with Firebase. This you do with Firebase Authentication. For example, to sign in with email+password you'd do:
firebase.auth().signInWithEmailAndPassword(email, password)
Read the documentation for email+password authentication for the full steps.
Once you're authenticated, you get a unique id; a so-called uid. You can find your uid in the Auth tab of your Firebase Console.
With this uid you can control access to the data (both database and storage). So if you copy your uid from the console and add it to your security rules, only you (or someone who knows your email+password) can access the database:
{
"rules": {
".read": "auth.uid == 'e836f712-4914-41df-aa80-5ade6b8b7874'",
".write": "auth.uid == 'e836f712-4914-41df-aa80-5ade6b8b7874'"
}
}
Note that I added one of my own uids in this snippet. Just like knowing your API key or database URL is not a security risk, neither is knowing my uid. Knowing that I am Frank van Puffelen, user:209103 on Stack Overflow, does not mean that you can impersonate me.
- Keep numbers which appear in both columns, in J lang
- Differentiation in J
- How to reshape an array with an arbitrary size in one dimension?
- Why is Insert (fold) right associative
- Write 4 : 'x&{.&.;: y' tacitly
- Alignment issue when printing formatted prime numbers in J language
- How can I define a verb in J that applies a different verb alternately to each atom in a list?
- How to get user input in the J programming language
- How to unbox a list of boxed lists of differing lengths in J?
- How can I fix 'noun result was required' error in J?
- In j, how can I define a verb locally in one scope and pass it to a defined adverb?
- Convert boxed array to normal array?
- Read column of CSV file as array
- Replace atom in array of strings
- What does the dyad `=` do to boxed strings?
- Index of minimum element using J
- How can I take the outer product of string vectors in J?
- Building an array of verbs in J
- Reading in multidigit command line parameter
- Amend with bond to new data shows unexpected behaviour
- How to turn a table or matrix into a (flat) list in J
- How to run dissect in J?
- How to define selection using index function in J
- How to exit the J console?
- Find 4-neighbors using J
- Writing custom verbs in J
- How do I negate a selector in J lang?
- How to use arbitrary selector in interchange in J lang?
- different result once square root is added inside tacit
- Sum of arrays with repeated indices