Maximum bid limit for individual children, but not for the parent

Question

Maximum bid limit for individual children, but not for the parent

I have a place in firebase where all my applications are stored as children.

I want clients to be able to receive every message if they know the message identifier but do not download the entire message table.

What will be the security rule for this?

Thanks.

+4

firebase firebase-security

Harry Jun 29 '13 at 18:01

source share

1 answer

Anant · Accepted Answer · 2013-06-29T18:49:40+0000

You can prevent the parent from reading, but allow reading if the identifier is known:

"rules": { "messages": { // Disallow enumerating list of messages ".read": false, ".write": false, "$messageID": { // If you know the messageID you can read the message. ".read": true, // Cannot overwrite existing messages (optional). ".write": "!data.exists()" } } }

See https://github.com/firebase/firepano for an example application that uses secure URLs for security.

Maximum bid limit for individual children, but not for the parent

More articles: