FAQ Database Discussion Community


Firebase security rule: compare two objects for equality?

firebase,firebase-security
So I want to write a security rule to disallow writes if a child node is different then it previously was. E.g. imagine a situation where you want a node to only be writable on creation but never thereafter. Given this requirement, the most obvious solution would seem to be...

In firebase, how do you secure a specific key whilst allowing access to others

firebase,firebase-security
Having issues getting my head round firebase security yet again. Say I have the following json data structure in firebase { "users" : { "userguid001" : { "name" : "Test User 1", "email" : "[email protected]", "emailverified" : "true", "otherinfo1": "some text", "otherinfo2": "some more text", "otherinfo3": "and some more text"...

Firebase Security Rules Without Firebase Authentication

firebase,firebase-security
I use Firebase to store real time status updates for an app. I have my own authentication system for logging users in. I would like to share the data I store on Firebase to vendors who use our API, but I want to make sure they have only read access...

Firebase twitter authentication and cross-site scription

javascript,cross-domain,firebase,firebase-security
I have implemented "twitter authentication" on my firebase app. as described here: https://www.firebase.com/docs/web/guide/login/twitter.html It works very well. Once the user is logged in, he is also able to send some requests to my domain by using XMLHttpRequest. when I send the XMLHttpRequest's payload I tend to pass the "username" via...

Denormalizing data structures for private data access in Firebase?

json,data-structures,firebase,jsonschema,firebase-security
I would like to create data that scales (to track private data of a user). The Firebase documentation recommends to nest the child objects under the parent like this: { "users": { "google:1234567890": { "displayName" : "Username A", "provider" : "google", "provider_id" : "1234567890", "todos": { "rec_id1": "Walk the dog",...

Manage invite codes for registration with Firebase

angularjs,firebase,angularfire,firebase-security,firebasesimplelogin
I am teaching myself AngularJS and Firebase and am developing an app with two user roles A and B. Role B should only be able to register to the site if they have a valid invite code. I am using Firebase as a backend and AngularFire bindings. I have set...

Firebase Authentication Limits

java,firebase,firebase-security,firebasesimplelogin,firebase-authentication
I am new to Firebase so any insights appreciated. I'm writing Java server side test code. I grab several users from an database and am trying to migrate the data into user authenticated nodes within Firebase. My code selects a few users from the DB and spins up a new...

FireBase rule newData with uid

firebase,firebase-security
How can i to use unique id of new data in rule with newData? Data structure: I want to disallow to write for the users which one senderName is in ban_users, but i cannot to get the newData senderName: newData('senderName').val(); //not working newData('$message_id/senderName').val(); //also not working("$message_id": {}) ...

secret key visible in javascript code (JavaScript, Firebase)?

javascript,firebase-security
I have a function that checks wether the password and user match before authenticating using a custom token. function getUser(user, password) { var usersRef = new Firebase("mydatabase/users"); var userRef = usersRef.child(user); userRef.once("value", function getHandler(snapshot) { if (snapshot.val().password == password) { var token = createToken(user); ref.authWithCustomToken(token, authHandler); } else { alert("Gebruikersnaam...

Authenticated user does not have permission to access data stored in Firebase

firebase,firebase-security,firebasesimplelogin
I have an authenticated user, which is given authentication through using FirebaseSimpleLogin. This user has the token: 'user':{ email: "[email protected]", firebaseAuthToken: SOME TOKEN, "id: "4", isTemporaryPassword: true, md5_hash: "aHash123", provider: "password", uid: "simplelogin:4" } I have given the authenticated user read permission under the 'rules and security' tab in firebase...

Understanding Firebase's rules for user-write, global-read

firebase,angularfire,firebase-security,firebase-authentication
I am building a simple Firebase application with AngularJS. This app authenticates users through Google. Each user has a list of books. Anyone can see books, even if they are not authenticated. Only the creator of a book can edit it. However, individual users need to be able to record...

firebase security permission not working

firebase,firebase-security,firebase-authentication
I have below data stored in my firebase: firebaseRoot admins simplelogin:1: users simplelogin:1 email: [email protected] picture: csd provider: password uid: simplelogin:1 simplelogin:2 email: [email protected] picture: zsd provider: password uid: simplelogin:1 and following security rules: { "rules": { "admins": { ".read": "root.child('admins').child(auth.uid).val() === true", ".write": "root.child('admins').child(auth.uid).val() === true" }, "users": {...

EmberFire facebook authentication: nothing happens with authwithOAuthPopup

facebook,ember.js,firebase,firebase-security,emberfire
I've been following this tutorial to set up Facebook authentication on my Ember CLI + EmberFire + Firebase app. However, nothing happens when I click the log in button. And it doesn't even give me an error message. I'm using application.hbs template for my log in button: <p class="lead button">...

How to validate this data structure with Firebase security rules?

firebase,firebase-security
So far not having any luck with Firebase Security rules. I have this { "rules": { "users": { "$user_id": { ".read": true, ".write": "auth !== null && auth.uid === $user_id", "profile": { ".validate": "newData.hasChildren(['first_name', 'last_name'])" } } } } } I send data and for the profile and one of...

AngularJS / Firebase - Need to login twice for a successful login

javascript,angularjs,firebase-security,anguarjs-digest-cycle
I have simple AngularJS app and using Firebase OpenAuth for user authentication. Here is a sample code from plunkr. [http://plnkr.co/edit/ZVfkaJF0g3E5u63J7uHx?p=preview][1] I have to click twice to authData from Google. I don't understand, why I can't get the data on the first click....

Basic understanding of Firebase security

javascript,firebase,firebase-security
Fundamentally, if my client side javascript is going to be modifying my Firebase data remotely, couldn't anyone come along and examine that code and start modifying the same Firebase data at will? I know they can't modify areas of the data that are off limits to various users or situations,...

firebase security rules not working as expected

firebase,firebase-security
i'm trying to understand how security rules structure is working. I have these rules: { "rules": { "level1": { //public info ".read": true, ".write": true, "level2": { //private info ".read": false, ".write": false } } } } then testing with simulator i expected to have r/w access to level1, and...

Python Firebase - User authentication?

python,firebase,firebase-security
I need some guidance with python and firebase. I'm trying to make some authentication rules, but I've hit a rough path. I'm building a db that is supposed to allow supervisors to see the information on the people they are in charge of and I want to restrict the access...

Authentication error “Access Denied” in AngularFire when using Internet Explorer 9

firebase,firebase-security
I'm using Firebase for simple email/password authentication. Logging in (using the AngularFire client) works fine on both Firefox and Chrome, but on IE9 I get an "Access Denied" error. At this point I have no security rules established, so by default all requests should go through. I've tried loosening the...

Firebase security write rule of child based on user exsitance

firebase-security
So here is my security structure so far: { "rules": { "users": { "$user": { ".read": true, "Age": { ".write": "$user === auth.uid", ".validate": "newData.isNumber()" }, "Name": { ".write": "$user === auth.uid", ".validate": "newData.isString()" }, "friends": { "$friend": { "Age": { ".write": "$user === auth.uid || $friend === auth.uid", ".validate":...