Fetch firestore data for a specific app without authentication
Since I want to fetch data without authentication for my app, my security rules look like this:
"rules":
".read": true,
".write": false
But Firebase said if someone has this URL he can fetch my data. How could I save my data. My app doesn't require authentication. How could I resist other, or what configuration I can set so only my app can fetch it.
In simple words,
No one should allow to fetch my app data(firestore) without my app. Where my app doesn't require authentication.
android firebase-authentication google-cloud-firestore firebase-security-rules edited Nov 14 '18 at 6:29
Doug Stevenson
75.9k990111
asked Nov 14 '18 at 6:19
Xar E AhmerXar E Ahmer
22.4k8150206
add a comment |
Since I want to fetch data without authentication for my app, my security rules look like this:
"rules":
".read": true,
".write": false
But Firebase said if someone has this URL he can fetch my data. How could I save my data. My app doesn't require authentication. How could I resist other, or what configuration I can set so only my app can fetch it.
In simple words,
No one should allow to fetch my app data(firestore) without my app. Where my app doesn't require authentication.
android firebase-authentication google-cloud-firestore firebase-security-rules edited Nov 14 '18 at 6:29
Doug Stevenson
75.9k990111
asked Nov 14 '18 at 6:19
Xar E AhmerXar E Ahmer
22.4k8150206
FYI you're showing Realtime Database rules, but your question is asking about Firestore. They are not the same product. But the answer applies the same for both of them (you can't have security rules that allow unauthenticated access but restricted to just your app).
– Doug Stevenson
Nov 14 '18 at 6:30
add a comment |
Since I want to fetch data without authentication for my app, my security rules look like this:
"rules":
".read": true,
".write": false
But Firebase said if someone has this URL he can fetch my data. How could I save my data. My app doesn't require authentication. How could I resist other, or what configuration I can set so only my app can fetch it.
In simple words,
No one should allow to fetch my app data(firestore) without my app. Where my app doesn't require authentication.
android firebase-authentication google-cloud-firestore firebase-security-rules edited Nov 14 '18 at 6:29
Doug Stevenson
75.9k990111
asked Nov 14 '18 at 6:19
Xar E AhmerXar E Ahmer
22.4k8150206
Since I want to fetch data without authentication for my app, my security rules look like this:
"rules":
".read": true,
".write": false
But Firebase said if someone has this URL he can fetch my data. How could I save my data. My app doesn't require authentication. How could I resist other, or what configuration I can set so only my app can fetch it.
In simple words,
No one should allow to fetch my app data(firestore) without my app. Where my app doesn't require authentication.
android firebase-authentication google-cloud-firestore firebase-security-rules android firebase-authentication google-cloud-firestore firebase-security-rules edited Nov 14 '18 at 6:29
Doug Stevenson
75.9k990111
asked Nov 14 '18 at 6:19
Xar E AhmerXar E Ahmer
22.4k8150206
edited Nov 14 '18 at 6:29
Doug Stevenson
75.9k990111
asked Nov 14 '18 at 6:19
Xar E AhmerXar E Ahmer
22.4k8150206
edited Nov 14 '18 at 6:29
Doug Stevenson
75.9k990111
edited Nov 14 '18 at 6:29
Doug Stevenson
75.9k990111
edited Nov 14 '18 at 6:29
Doug Stevenson
75.9k990111
75.9k990111
asked Nov 14 '18 at 6:19
Xar E AhmerXar E Ahmer
22.4k8150206
asked Nov 14 '18 at 6:19
Xar E AhmerXar E Ahmer
22.4k8150206
asked Nov 14 '18 at 6:19
Xar E AhmerXar E Ahmer
22.4k8150206
22.4k8150206
FYI you're showing Realtime Database rules, but your question is asking about Firestore. They are not the same product. But the answer applies the same for both of them (you can't have security rules that allow unauthenticated access but restricted to just your app).
– Doug Stevenson
Nov 14 '18 at 6:30
add a comment |
FYI you're showing Realtime Database rules, but your question is asking about Firestore. They are not the same product. But the answer applies the same for both of them (you can't have security rules that allow unauthenticated access but restricted to just your app).
– Doug Stevenson
Nov 14 '18 at 6:30
FYI you're showing Realtime Database rules, but your question is asking about Firestore. They are not the same product. But the answer applies the same for both of them (you can't have security rules that allow unauthenticated access but restricted to just your app).
– Doug Stevenson
Nov 14 '18 at 6:30
FYI you're showing Realtime Database rules, but your question is asking about Firestore. They are not the same product. But the answer applies the same for both of them (you can't have security rules that allow unauthenticated access but restricted to just your app).
– Doug Stevenson
Nov 14 '18 at 6:30
add a comment |
1 Answer
1
active
oldest
votes
What you're asking for isn't possible. These things are all exactly the same:
- Accessing data via client SDK without authentication
- Accessing data with the REST API without an authentication token
- Accessing data in any way without using the app itself
If you want to restrict data to your app only, you will need some form of authentication provided by Firebase Authentication.
answered Nov 14 '18 at 6:27
Doug StevensonDoug Stevenson
75.9k990111
Can I pass some sort of key or authentication mechanism for fetching data ?As right now my app simply fetch some records which I gather by putting a lot of effort. but other can copy if they get the url.
– Xar E Ahmer
Nov 14 '18 at 7:26
No, that special key could be intercepted if it's embedded in your mobile app. Anything in your app should be considered public.
– Doug Stevenson
Nov 14 '18 at 8:40
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53294190%2ffetch-firestore-data-for-a-specific-app-without-authentication%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
What you're asking for isn't possible. These things are all exactly the same:
- Accessing data via client SDK without authentication
- Accessing data with the REST API without an authentication token
- Accessing data in any way without using the app itself
If you want to restrict data to your app only, you will need some form of authentication provided by Firebase Authentication.
answered Nov 14 '18 at 6:27
Doug StevensonDoug Stevenson
75.9k990111
Can I pass some sort of key or authentication mechanism for fetching data ?As right now my app simply fetch some records which I gather by putting a lot of effort. but other can copy if they get the url.
– Xar E Ahmer
Nov 14 '18 at 7:26
No, that special key could be intercepted if it's embedded in your mobile app. Anything in your app should be considered public.
– Doug Stevenson
Nov 14 '18 at 8:40
add a comment |
What you're asking for isn't possible. These things are all exactly the same:
- Accessing data via client SDK without authentication
- Accessing data with the REST API without an authentication token
- Accessing data in any way without using the app itself
If you want to restrict data to your app only, you will need some form of authentication provided by Firebase Authentication.
answered Nov 14 '18 at 6:27
Doug StevensonDoug Stevenson
75.9k990111
Can I pass some sort of key or authentication mechanism for fetching data ?As right now my app simply fetch some records which I gather by putting a lot of effort. but other can copy if they get the url.
– Xar E Ahmer
Nov 14 '18 at 7:26
No, that special key could be intercepted if it's embedded in your mobile app. Anything in your app should be considered public.
– Doug Stevenson
Nov 14 '18 at 8:40
add a comment |
What you're asking for isn't possible. These things are all exactly the same:
- Accessing data via client SDK without authentication
- Accessing data with the REST API without an authentication token
- Accessing data in any way without using the app itself
If you want to restrict data to your app only, you will need some form of authentication provided by Firebase Authentication.
answered Nov 14 '18 at 6:27
Doug StevensonDoug Stevenson
75.9k990111
What you're asking for isn't possible. These things are all exactly the same:
- Accessing data via client SDK without authentication
- Accessing data with the REST API without an authentication token
- Accessing data in any way without using the app itself
If you want to restrict data to your app only, you will need some form of authentication provided by Firebase Authentication.
answered Nov 14 '18 at 6:27
Doug StevensonDoug Stevenson
75.9k990111
answered Nov 14 '18 at 6:27
Doug StevensonDoug Stevenson
75.9k990111
answered Nov 14 '18 at 6:27
Doug StevensonDoug Stevenson
75.9k990111
answered Nov 14 '18 at 6:27
Doug StevensonDoug Stevenson
75.9k990111
75.9k990111
Can I pass some sort of key or authentication mechanism for fetching data ?As right now my app simply fetch some records which I gather by putting a lot of effort. but other can copy if they get the url.
– Xar E Ahmer
Nov 14 '18 at 7:26
No, that special key could be intercepted if it's embedded in your mobile app. Anything in your app should be considered public.
– Doug Stevenson
Nov 14 '18 at 8:40
add a comment |
Can I pass some sort of key or authentication mechanism for fetching data ?As right now my app simply fetch some records which I gather by putting a lot of effort. but other can copy if they get the url.
– Xar E Ahmer
Nov 14 '18 at 7:26
No, that special key could be intercepted if it's embedded in your mobile app. Anything in your app should be considered public.
– Doug Stevenson
Nov 14 '18 at 8:40
Can I pass some sort of key or authentication mechanism for fetching data ?As right now my app simply fetch some records which I gather by putting a lot of effort. but other can copy if they get the url.
– Xar E Ahmer
Nov 14 '18 at 7:26
Can I pass some sort of key or authentication mechanism for fetching data ?As right now my app simply fetch some records which I gather by putting a lot of effort. but other can copy if they get the url.
– Xar E Ahmer
Nov 14 '18 at 7:26
No, that special key could be intercepted if it's embedded in your mobile app. Anything in your app should be considered public.
– Doug Stevenson
Nov 14 '18 at 8:40
No, that special key could be intercepted if it's embedded in your mobile app. Anything in your app should be considered public.
– Doug Stevenson
Nov 14 '18 at 8:40
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53294190%2ffetch-firestore-data-for-a-specific-app-without-authentication%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
FYI you're showing Realtime Database rules, but your question is asking about Firestore. They are not the same product. But the answer applies the same for both of them (you can't have security rules that allow unauthenticated access but restricted to just your app).
– Doug Stevenson
Nov 14 '18 at 6:30