Hi I have the Firebase project, and when I create the databases, I create some rules for testing. Now, they expire, and they close my project. It is my first time working with Firebase projects, and I have no experience. I show you how I have defined the rules for both Cloud Firestore and the Realtime Database. The project is an application in which users can register and leave their comments. How should I set the rules for my databases to be secure? How should I write my rules code? I was absent from my project for a few days and they wrote to me from Google, which closes my project in two days. I have looked for information, but I do not know how to create the rules so that they are correct and my project also works
I EDIT MY QUESTION to add details
In my application I only want registered users to be able to write comments.
The alert that Firebase shows me is the following:
"Its security rules are defined as public, so anyone can steal, modify or delete data from its database."
The databases are empty, so there are no records yet.
Can you help me? Firebase will close my project if I don't write the rules right, the rules shouldn't be public.
I read the documentation that Firebase offers, but I don't really understand how to create my rules.
They show something like this, for authenticated users:
// Allow read/write access on all documents to any user signed in to the application
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
}
}
And on the other hand they show these rules:
**// Allow read/write access to all users under any conditions
// Warning: **NEVER** use this rule set in production; it allows
// anyone to overwrite your entire database.
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}**
I don't know which one I should use exactly, and how I should write them, so that in my React Native app users can leave feedback.
Can you help me ?
I show the code of the rules of my databases
//REALTIME DATABASE
{
"rules": {
".read": true,
".write": true
}
}
//CLOUD FIRESTORE
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// This rule allows anyone with your database reference to view, edit,
// and delete all data in your Firestore database. It is useful for getting
// started, but it is configured to expire after 30 days because it
// leaves your app open to attackers. At that time, all client
// requests to your Firestore database will be denied.
//
// Make sure to write security rules for your app before that time, or else
// all client requests to your Firestore database will be denied until you Update
// your rules
match /{document=**} {
allow read, write: if request.time < timestamp.date(2020, 9, 2);
}
}
}
You can use the following rule where only authenticated users can write and read to the database.
For Cloud Firestore:
// Allow read/write access on all documents to any user signed in to the application
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
}
}
For Realtime Database:
// Only authenticated users can access/write data
{
“rules”: {
“.read”: “auth != null”,
“.write”: “auth != null”
}
}