Reading Firestore from client side - getting daily rules alerts

bc10000

Sep 23, 2019, 11:56:48 AM
to Firebase Google Group
I have a variety of public webpages that read my database and display things based on local JavaScript processing etc.

I have my Firestore rules set to allow all reads (my writes are locked down).

From everything I've been able to find online this seems to be a reasonable use case. BUT I get daily emails from Firestore warning me of insecure database rules. Am I doing something wrong/bad? Should I just ignore the rules? I'd rather not set up a proxy API if it's not necessary but will if that's best.

Thanks a lot for any input.

Brad

Sam Stern

Sep 23, 2019, 12:55:50 PM
to Firebase Google Group
Hi there,

In almost every case, allowing everyone to read your whole database is not a good idea.  Most of the time there's at least some part of your database you need to lock down.  So when we see this pattern, we send an email. 

If your use case is one of the exceptions (a purely public data set) then you can freely ignore or turn off those emails.  

If you want more details just let me know!

Sam

Bradley Coffield

Sep 24, 2019, 3:39:08 AM
to fireba...@googlegroups.com
That's very helpful! Thank you. Currently all of the data in the database is getting processed and displayed publicly and therefore no worries if someone were to see it in its raw form.

Regards,

Brad
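
The two rule shapes discussed in this thread, as an added example that is not part of the original posts and not Firebase's own code: the open-read pattern (shown commented out) beside a version that opens only the collection the public pages read. The collection names `pages` and `drafts` are hypothetical, and it assumes all writes are done outside the client SDK.

```firestore-rules
// Added example; collection names `pages` and `drafts` are hypothetical.
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Pattern described in the thread: every document is readable and
    // client writes are denied. The recursive wildcard {document=**}
    // also covers any collection created later.
    //
    // match /{document=**} {
    //   allow read: if true;
    //   allow write: if false;
    // }

    // Scoped alternative: only the collection the public pages read is open.
    match /pages/{pageId} {
      allow read: if true;    // public read (get and list)
      allow write: if false;  // assumption: no writes from client SDKs
    }

    // Requests that match no allow statement are denied, so a collection
    // added later (for example `drafts`) stays private until a rule
    // explicitly opens it.
  }
}
```

With the scoped form, making a new collection public is a deliberate rule change rather than a side effect of the wildcard.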
