0

My current Android Application makes use of the Firebase Realtime Database.

I am struggling with the security Rules as I wish to allow only a Single User to be able to Write data while allowing any authenticated user to read data.

I have set these rules but am unsure if they are secure enough...

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth.uid === 'xxxxxxxxxxxxxxxxxxxxxxx'"
  }
}

Where 'xxxxxxxxxxxxxxxxxxxxxxx' is the specified user I wish to allow to write data.

Is a users uid a constant value?

What does the "Authenticate" option manage when clicking on the Simulate button when testing out new rules?

Frank van Puffelen
  • 499,950
  • 69
  • 739
  • 734
Hector
  • 2,576
  • 16
  • 87
  • 165

1 Answers1

4

Once a user's UID is generated, it will never change. So checking the UID in the security rules is indeed a common way to ensure only that specific user has a certain permission. I do this on almost every project when getting started for the initial (admin-type) users.

Frank van Puffelen
  • 499,950
  • 69
  • 739
  • 734