- Mastering Firebase for Android Development
- Ashok Kumar S
- 137字
- 2021-06-18 18:49:14
Data security
Another outstanding feature of Firebase is security. Ensuring that no data is being given access to the unapproved or not-authenticated users. For this problem there is a variable named auth. It is a predefined variable within the database rules. It contains the auth provider, used auth ID, and token and user's UID. Using this we can restrict the database access and grant the application on a use case basis. Consider the following diagram for apprehending the security. There are blood donors and the details are helpful for having authentic donor information:
Consider the following rules that allow only authenticated users to read the data:
{
"rules": {
".write" : false,
"Donor" : {
"$uid": {
".read": "auth != null && auth.uid == $uid"
}
}
}
}
The following screenshot shows the simulated authenticated user: