Firebase Database Hacked

Obfuscate your API and Tokens,

Read this.

and

If you authenticate everyone with some login process you will need to experiment with this, however this “should” allow anyone authenticated to ready /posts/ . Only the user to write to /$uid/, and anyone authenticated to read and write chat.

“rules”: {
“posts”: {
“.read”: “auth !== null”,
“$uid”: {
“.write”: “$uid === auth.uid”
“chat”:{
“.read”: “auth !== null”,
“.write”: $auth !== null",
}
}
}
}

1 Like