Fetch firestore data for a specific app without authentication










0















Since I want to fetch data without authentication for my app, my security rules look like this:




 "rules": 
 ".read": true,
 ".write": false



But Firebase said if someone has this URL he can fetch my data. How could I save my data. My app doesn't require authentication. How could I resist other, or what configuration I can set so only my app can fetch it.



In simple words,



No one should allow to fetch my app data(firestore) without my app. Where my app doesn't require authentication.






android firebase-authentication google-cloud-firestore firebase-security-rules







share|improve this question
























  • FYI you're showing Realtime Database rules, but your question is asking about Firestore. They are not the same product. But the answer applies the same for both of them (you can't have security rules that allow unauthenticated access but restricted to just your app).

    – Doug Stevenson
    Nov 14 '18 at 6:30















0















Since I want to fetch data without authentication for my app, my security rules look like this:




 "rules": 
 ".read": true,
 ".write": false



But Firebase said if someone has this URL he can fetch my data. How could I save my data. My app doesn't require authentication. How could I resist other, or what configuration I can set so only my app can fetch it.



In simple words,



No one should allow to fetch my app data(firestore) without my app. Where my app doesn't require authentication.






android firebase-authentication google-cloud-firestore firebase-security-rules







share|improve this question
























  • FYI you're showing Realtime Database rules, but your question is asking about Firestore. They are not the same product. But the answer applies the same for both of them (you can't have security rules that allow unauthenticated access but restricted to just your app).

    – Doug Stevenson
    Nov 14 '18 at 6:30













0












0








0








Since I want to fetch data without authentication for my app, my security rules look like this:




 "rules": 
 ".read": true,
 ".write": false



But Firebase said if someone has this URL he can fetch my data. How could I save my data. My app doesn't require authentication. How could I resist other, or what configuration I can set so only my app can fetch it.



In simple words,



No one should allow to fetch my app data(firestore) without my app. Where my app doesn't require authentication.






android firebase-authentication google-cloud-firestore firebase-security-rules







share|improve this question
















Since I want to fetch data without authentication for my app, my security rules look like this:




 "rules": 
 ".read": true,
 ".write": false



But Firebase said if someone has this URL he can fetch my data. How could I save my data. My app doesn't require authentication. How could I resist other, or what configuration I can set so only my app can fetch it.



In simple words,



No one should allow to fetch my app data(firestore) without my app. Where my app doesn't require authentication.






android firebase-authentication google-cloud-firestore firebase-security-rules




android firebase-authentication google-cloud-firestore firebase-security-rules






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 14 '18 at 6:29









Doug Stevenson

75.9k990111




75.9k990111










asked Nov 14 '18 at 6:19









Xar E AhmerXar E Ahmer

22.4k8150206




22.4k8150206












  • FYI you're showing Realtime Database rules, but your question is asking about Firestore. They are not the same product. But the answer applies the same for both of them (you can't have security rules that allow unauthenticated access but restricted to just your app).

    – Doug Stevenson
    Nov 14 '18 at 6:30

















  • FYI you're showing Realtime Database rules, but your question is asking about Firestore. They are not the same product. But the answer applies the same for both of them (you can't have security rules that allow unauthenticated access but restricted to just your app).

    – Doug Stevenson
    Nov 14 '18 at 6:30
















FYI you're showing Realtime Database rules, but your question is asking about Firestore. They are not the same product. But the answer applies the same for both of them (you can't have security rules that allow unauthenticated access but restricted to just your app).

– Doug Stevenson
Nov 14 '18 at 6:30





FYI you're showing Realtime Database rules, but your question is asking about Firestore. They are not the same product. But the answer applies the same for both of them (you can't have security rules that allow unauthenticated access but restricted to just your app).

– Doug Stevenson
Nov 14 '18 at 6:30












1 Answer
1






active

oldest

votes


















0














What you're asking for isn't possible. These things are all exactly the same:



  • Accessing data via client SDK without authentication

  • Accessing data with the REST API without an authentication token

  • Accessing data in any way without using the app itself

If you want to restrict data to your app only, you will need some form of authentication provided by Firebase Authentication.






share|improve this answer























  • Can I pass some sort of key or authentication mechanism for fetching data ?As right now my app simply fetch some records which I gather by putting a lot of effort. but other can copy if they get the url.

    – Xar E Ahmer
    Nov 14 '18 at 7:26











  • No, that special key could be intercepted if it's embedded in your mobile app. Anything in your app should be considered public.

    – Doug Stevenson
    Nov 14 '18 at 8:40










Your Answer






StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53294190%2ffetch-firestore-data-for-a-specific-app-without-authentication%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














What you're asking for isn't possible. These things are all exactly the same:



  • Accessing data via client SDK without authentication

  • Accessing data with the REST API without an authentication token

  • Accessing data in any way without using the app itself

If you want to restrict data to your app only, you will need some form of authentication provided by Firebase Authentication.






share|improve this answer























  • Can I pass some sort of key or authentication mechanism for fetching data ?As right now my app simply fetch some records which I gather by putting a lot of effort. but other can copy if they get the url.

    – Xar E Ahmer
    Nov 14 '18 at 7:26











  • No, that special key could be intercepted if it's embedded in your mobile app. Anything in your app should be considered public.

    – Doug Stevenson
    Nov 14 '18 at 8:40















0














What you're asking for isn't possible. These things are all exactly the same:



  • Accessing data via client SDK without authentication

  • Accessing data with the REST API without an authentication token

  • Accessing data in any way without using the app itself

If you want to restrict data to your app only, you will need some form of authentication provided by Firebase Authentication.






share|improve this answer























  • Can I pass some sort of key or authentication mechanism for fetching data ?As right now my app simply fetch some records which I gather by putting a lot of effort. but other can copy if they get the url.

    – Xar E Ahmer
    Nov 14 '18 at 7:26











  • No, that special key could be intercepted if it's embedded in your mobile app. Anything in your app should be considered public.

    – Doug Stevenson
    Nov 14 '18 at 8:40













0












0








0







What you're asking for isn't possible. These things are all exactly the same:



  • Accessing data via client SDK without authentication

  • Accessing data with the REST API without an authentication token

  • Accessing data in any way without using the app itself

If you want to restrict data to your app only, you will need some form of authentication provided by Firebase Authentication.






share|improve this answer













What you're asking for isn't possible. These things are all exactly the same:



  • Accessing data via client SDK without authentication

  • Accessing data with the REST API without an authentication token

  • Accessing data in any way without using the app itself

If you want to restrict data to your app only, you will need some form of authentication provided by Firebase Authentication.







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 14 '18 at 6:27









Doug StevensonDoug Stevenson

75.9k990111




75.9k990111












  • Can I pass some sort of key or authentication mechanism for fetching data ?As right now my app simply fetch some records which I gather by putting a lot of effort. but other can copy if they get the url.

    – Xar E Ahmer
    Nov 14 '18 at 7:26











  • No, that special key could be intercepted if it's embedded in your mobile app. Anything in your app should be considered public.

    – Doug Stevenson
    Nov 14 '18 at 8:40

















  • Can I pass some sort of key or authentication mechanism for fetching data ?As right now my app simply fetch some records which I gather by putting a lot of effort. but other can copy if they get the url.

    – Xar E Ahmer
    Nov 14 '18 at 7:26











  • No, that special key could be intercepted if it's embedded in your mobile app. Anything in your app should be considered public.

    – Doug Stevenson
    Nov 14 '18 at 8:40
















Can I pass some sort of key or authentication mechanism for fetching data ?As right now my app simply fetch some records which I gather by putting a lot of effort. but other can copy if they get the url.

– Xar E Ahmer
Nov 14 '18 at 7:26





Can I pass some sort of key or authentication mechanism for fetching data ?As right now my app simply fetch some records which I gather by putting a lot of effort. but other can copy if they get the url.

– Xar E Ahmer
Nov 14 '18 at 7:26













No, that special key could be intercepted if it's embedded in your mobile app. Anything in your app should be considered public.

– Doug Stevenson
Nov 14 '18 at 8:40





No, that special key could be intercepted if it's embedded in your mobile app. Anything in your app should be considered public.

– Doug Stevenson
Nov 14 '18 at 8:40



















draft saved

draft discarded
















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53294190%2ffetch-firestore-data-for-a-specific-app-without-authentication%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

這個網誌中的熱門文章

Barbados

圖片
For other uses, see Barbados (disambiguation). Not to be confused with Barbuda. Coordinates: 13°10′N 59°33′W  /  13.167°N 59.550°W  / 13.167; -59.550 Barbados Flag Coat of arms Motto:  "Pride and Industry" Anthem:  In Plenty and In Time of Need Capital and largest city Bridgetown 13°06′N 59°37′W  /  13.100°N 59.617°W  / 13.100; -59.617 Official languages English Recognised regional languages Bajan Creole Ethnic groups (est. 2010 [1] ) 92.4% black 3.1% multiracial 2.7% white 1.3% East Indian 0.5% other/unspecified Religion 75.6% Christian 2.5% other 20.6% none 1.2% unspecified [1] Demonym(s) Barbadian Bajan (colloquial) Government Unitary parliamentary constitutional monarchy • Monarch Elizabeth II •  Governor-General Dame Sandra Mason • Prime Minister Mia Mottley Legislature Parliament • Upper house Senate • Lower house House of Assembly Independence • From the United Kingdom 30 November 1966 Area • Total 439 km 2 (169 sq mi) (183rd) • Water (%) Negligib
閱讀完整內容

How to read a connectionString WITH PROVIDER in .NET Core?

圖片
6 I added .AddJsonFile("Connections.json", optional: true, reloadOnChange: true) in public Startup(IHostingEnvironment env) Connections.json contains: "ConnectionStrings": "DefaultConnection": "Server=(localdb)\mssqllocaldb;Database=DATABASE;Trusted_Connection=True;MultipleActiveResultSets=true", "COR-W81-101": "Data Source=DATASOURCE;Initial Catalog=P61_CAFM_Basic;User Id=USERID;Password=PASSWORD;Persist Security Info=False;MultipleActiveResultSets=False;Packet Size=4096;", "COR-W81-100": "Data Source=DATASOURCE;Initial Catalog=Post_PS;User Id=USERID;Password=PASSWORD;Persist Security Info=False;MultipleActiveResultSets=False;Packet Size=4096;", "MSEDGEWIN10": "Data Source=DATASOURCE; Initial Catalog=COR_Basic; Persist Security Info=False;Integrated Security=true;MultipleActiveResultSets=False;Packet Size=4096;Application Name="COR_Basic"", "server&qu
閱讀完整內容

In R, how to develop a multiplot heatmap.2 figure showing key labels successfully

圖片
1 2 I'm trying to develop a multiplot heatmap.2 saved to a pdf. I'm having some success but the axis labels are getting chopped off. Subplot titles are also desirable but again the labels are getting chopped. Here's my reproducible code: library(gridExtra) library(grid) library(gridGraphics) library(gplots) Col = colorRampPalette(c("red","orange","yellow", "white")) grab_grob <- function() grid.echo() grid.grab() par(cex.main=0.1, mar = c(1,1,1,1) ) #data<-read.table("heatmap.input.matrix.data.txt") lmat = rbind(c(2,3),c(4,1),c(4,1)) lwid = c(2.5,4) lhei = c(0.5,4,3) labRowvec <- c(rep(NULL, dim(matrix(runif(1000, 1,10),ncol=50))[1])) labColvec <- c(rep(NULL, dim(matrix(runif(1000, 1,10),ncol=50))[2])) gl <- lapply(1:12, function(i) heatmap.2(matrix(runif(1000, 1,10),ncol=50), dendrogram = "none",offsetRow=-0.5, offsetCol=-1,srtCol=0, density="density", lmat =lmat,lhei = l
閱讀完整內容