Realtime Database Security Rules

At this point in the course, we can perform read and write operations to some of the Firebase services we initialized, for example, the Realtime Database, Cloud Firestore, and Cloud Storage. This is because the current security rules on these services are set to permit open access to them. While this may not be a problem during development, it’s dangerous to have such rules on a deployed application since anyone who guesses or has access to our project ID can easily steal, modify, or delete our data.

Firebase Security Rules secure and control access to data in these Firebase products making sure that users in a Firebase project can only read and write data they’re allowed. These rules sit between the client application and ...