hello guys i have a problem my application has been hacked for more details my database has been hacked it is actually not hacked because it is not protected because the rules were true what is the way i can do it as we are rules as the user can read and write in the rules But he cannot access my database and steal it, like what happened to me. The application, for more details, is an application to provide content, and this content is in the form of videos. I do not want all people to access these videos, but rather to specific people, so I hope that my problem will be solved, when I set the rules true true so that people can write so that they can write their personal data when logging in and be able to read as the videos are returned through firebase real time database and the videos are in the form of links and the video player plays them, but I was surprised that someone hacked my database. My question is what The rules that I can write so that people can watch videos and write their personal data, but my database is not hacked. For information, I do not use Firebase authentication, juste the database in real time
Why not using any encryption algorithms?
if you distribute in APK format anyone will be able to decompile and read your google-services.json file.
therefore i think you need to set security rules in firebase
I’m sorry to hear that you’ve experienced a security breach in your application’s database. Protecting your app’s data is crucial, and implementing proper security measures is essential to prevent unauthorized access. Here are some steps you can take to enhance the security of your Firebase Realtime Database:
-
Authentication: Although you mentioned you’re not using Firebase authentication, I strongly recommend implementing user authentication. This would allow you to control who has access to your database. By using authentication, you can ensure that only authorized users can access your content.
-
Database Rules: Define strict security rules for your database. You should restrict both read and write access to only authenticated users. You can create rules that allow specific users or user groups to access certain parts of your database.
-
Data Validation: Validate the data that users are writing to the database. Make sure that the data being added is in the correct format and adheres to your application’s requirements.
-
Use Firebase Storage: If your content is in the form of videos, consider using Firebase Storage to store these videos. You can control access to files in Firebase Storage separately from the Realtime Database.
-
Server-Side Code: If you’re providing content to specific users, consider using Cloud Functions or a server-side component to retrieve and serve the content. This way, you have more control over who can access the content and how it’s delivered.
-
Rate Limiting and Monitoring: Implement rate limiting to prevent abuse and excessive requests from a single user or IP address. Regularly monitor your database activity for unusual behavior.
-
Sensitive Data: Avoid storing sensitive data in plain text. If you need to store sensitive information, consider encrypting it before storing it in the database.
-
Security Audits: Regularly perform security audits to identify potential vulnerabilities in your application.
Remember that security is an ongoing process, and it’s important to stay informed about the latest security practices. While these steps can significantly enhance the security of your application, consulting with a security expert or a developer experienced in Firebase can provide you with more tailored advice for your specific situation.