Firebase Realtime Database Rules For A App Like Ebay

Is it necessary to change firebase realtime database rules for a app which gets user data and show user entered data in app (like fiverr app). Can someone hack the database?

Solution 1:

The security rules of your database act like the server-side code that stands between your database and the user in traditional three-tier application models. Just like someone can hack your server/database if you don't write the correct server-side code, so can someone hack your database if you don't write the correct server-side security rules.

My recommendation:

1. Start with security rules that allow no access to the data whatsoever.
2. Open up the rules for each specific access that the code in your app needs, one at a time.
3. At each step, the rules should allow only the use-cases you've implemented, and nothing more.

To get started on this, read the Firebase documentation on security rules or one of the many tutorials out there.