I created an application that uses a Firebase database and Firebase storage. Currently, security rules are set to "public" access, which, in my opinion, is not secure.
I read somewhere in the documentation that anyone who has a Firebase URL link for my application database can access the database (since it has "public" access). Is this completely correct? What about an API key? Isn't the API generated and saved in my configuration file available only for my application? Can any other client connect to the database without an API key?
source share