Firebase Rules VS App Rules

Hello community

I have a doubt. I want to understand whether the rules I established within Kodular are enough, or whether I also need to establish them in “Rules in Firebase”.

For example, I’ve established through the blocks which project buckets can be seen/modified by the users I want to. Do I need to establish that in Firebase rules? Is there any risk if I don’t do it?

Thank you very much!

Which rules, can you elaborate?

If you are talking about this then you don’t need to add any rule, just make sure the read and write rules in Firebase are true so you can make changes and read data.

I read that if we don’t use at least this secure level

{
  "rules": {
    ".read": "auth.uid !== null",
    ".write": "auth.uid !== null"
  }
}

the database can be insecure? So adding rules like I mentioned above, the only thing to do is ensure the database?

{
  "rules": {
    ".read": "auth.uid !== null",
    ".write": "auth.uid !== null"
  }
}

I use these rules, only authenticated users can access the DB


That doesn’t make the database completely insecure, just less secure. It means that if you don’t use these rules then anyone having the API key, Firebase token can access it, but if you use these rules, then only the ones who have authenticated to your Firebase can access it.

Yeah, you have to specify them in your Firebase rules too… on the server end.
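
To make the last reply concrete, here is an added example (not from the thread, and not Kodular's or Firebase's own code) of Realtime Database rules that enforce per-bucket access on the server instead of a blanket signed-in check. The `buckets` and `shared` nodes, the `members` and `owner` children, and the convention that a private bucket is named after its owner's uid are all assumptions made for illustration.

```json
{
  "rules": {
    // No ".read"/".write" at the root: anything not granted below is denied.
    // (A grant at a parent node cannot be taken back by a child rule, so
    // keep the root closed and open only the specific paths.)

    // Assumed layout: /buckets/<uid>/... holds one private bucket per user,
    // named after that user's Firebase Auth uid.
    "buckets": {
      "$bucket": {
        ".read": "auth !== null && auth.uid === $bucket",
        ".write": "auth !== null && auth.uid === $bucket"
      }
    },

    // Assumed layout: /shared/<bucket>/members/<uid> = true lists the readers,
    // /shared/<bucket>/owner holds the uid of the only user allowed to write.
    "shared": {
      "$bucket": {
        ".read": "auth !== null && data.child('members').child(auth.uid).val() === true",
        // "data" is the value already stored, so a client cannot create a new
        // shared bucket or claim an existing one; buckets are provisioned
        // from a trusted backend (the Admin SDK is not subject to rules).
        ".write": "auth !== null && data.child('owner').val() === auth.uid"
      }
    }
  }
}
```

Firebase evaluates these rules for every request, whether it comes from the Kodular app or from any other client, so the restriction holds even where the app's blocks are bypassed. With the blanket `auth.uid !== null` rule, by contrast, any signed-in user can read and write every bucket.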