How to create a firebase database rule that allows users to search for friends by email without showing all of the email in the database?
Tommie C.
Background:
Trying out firebase for the first time and I'd like to create a query that allows one to search for an email address but that returns only matching results. I'd also like to ensure that folks cannot simply go to the website and pull all of the emails in the database. At the extreme, I think I could encrypt the email and decrypt in the client but it would be great if I could structure the data and some rules to enforce this behavior.
I'm a bit unsure how to organize the users so that the data and query would only show users with an exact match on the email address.
I haven't set this up yet but I am capturing the following user data..
Lucas Ávila
Kato Richardson
You can find two examples of indexing users by email here: https://gist.github.com/katowulf/6479129
Note that the index method (#2) is compatible with the security you want. Rules would be something like:
{
"emails_to_ids": {
// no read allowed at the collection level (can't list emails)
"$email": {
// but I can check a specific email address
".read": true // or "auth != null" perhaps
}
}
}
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/7ecc9dff-2e6d-4a03-badb-a23269d5f632%40googlegroups.com.