rules do not work

39 views
Skip to first unread message

Marco Alvarado

unread,
May 15, 2022, 11:47:20 PMMay 15
to Firebase Google Group
Hallo,
I have the following rules for my database:

{  
  "rules": {
   
    "cps": {
     
      ".read" : "auth != null",
      ".write" : "auth != null"
    },
      "sections": {
       
        ".read" : "auth != null",
      ".write" : "auth != null"
      },
  }
}

tree:   root - cps - userX - ...
                    -scetions - userX - ...

My data is not protected at all. Why is this? Thanks!

Andreas B

unread,
May 16, 2022, 4:29:03 AMMay 16
to Firebase Google Group
Checking just for "auth != null" means that any authenticated user can read/write all those paths in your database. If you want to ensure that individual users can only read their own data, for example, you need to compare "auth.uid" with part of your path as in the second code snippet on this page: https://firebase.google.com/docs/database/security

Marco Alvarado

unread,
May 17, 2022, 10:47:04 AMMay 17
to Firebase Google Group
I try that, thanks!
Reply all
Reply to author
Forward
0 new messages