Security Issue On Firebase

on sample android application to access database Firebase (https://www.firebase.com/docs/android/quickstart.html), we just need to write Firebase myFirebaseRef = new Firebase('http

Solution 1:

Step 7 in the quickstart you linked:

Secure Your Data

Use our powerful expression-based Security and Firebase Rules to control access to your data and validate input:

{".read":true,".write":"auth.uid === 'admin'",".validate":"newData.isString() && newData.val().length < 500"}

Firebase enforces your Security and Firebase Rules consistently whenever data is accessed. The rules language is designed to be both powerful and flexible, so that you can maintain fine-grained control over your application's data.

Solution 2:

Firebase security is not based on API keys/secret but in permission rules. Check this out.

Solution 3:

So if you want to make everything only writable you add the following security rule:

{ "rules": { ".read": false, ".write": true } }

And it is also worth noting that these rules will cascade to all child nodes and you cannot override them in child nodes except for validation rules.