Android – How to use firebase with read and write rules as false

android, firebase, firebase-authentication, firebase-realtime-database, firebase-security

I am working on a project and I followed few tutorials in order to learn and build the app. But all of them, they change the Firebase read and write rules to true which is not safe. for example they change

{  "rules": {    ".read": false,    ".write": false  }}


{  "rules": {    ".read": true,    ".write": true  }}

This gives access to anyone to read and write the server data which is not safe in any way. And hence I turned this to false and now I am unable to register the user to Firebase it is giving an error saying 'Permission Denied. So what would I have to do in order to get the permission now.

Previously I was using this code to register the user to Firebase which is not working now.

mFirebaseAuth.createUserWithEmailAndPassword(editEmail.getText().toString(), editPass.getText().toString()).addOnSuccessListener(new OnSuccessListener<AuthResult>() {                    @Override                    public void onSuccess(AuthResult authResult) {                        //Saving User to Database                        User user = new User();                        user.setEmail(editEmail.getText().toString());                        user.setName(editName.getText().toString());                        user.setPassword(editPass.getText().toString());                        user.setPhone(editPhone.getText().toString());                        users.child(FirebaseAuth.getInstance().getCurrentUser().getUid()).setValue(user).addOnSuccessListener(new OnSuccessListener<Void>() {                            @Override                            public void onSuccess(Void aVoid) {                                waitingdialog.dismiss();                                Snackbar.make(rootLayout, "Registration Successful", Snackbar.LENGTH_SHORT).show();                                return;                            }                        }).addOnFailureListener(new OnFailureListener() {                            @Override                            public void onFailure(@NonNull Exception e) {                                waitingdialog.dismiss();                                Snackbar.make(rootLayout, "Registration Failed" + e.getMessage(), Snackbar.LENGTH_LONG).show();                                return;                            }                        });                    }                });

Best Solution

There are different rules for in the Firebase for this reason and the registration of the user to Database depends on those rules for instance there are four rules given by Firebase

as Default

The default rules require Authentication. They allow full read and write access to authenticated users of your app only. They are useful if you want data open to all users of your app but don't want it open to the world

// These rules require authentication{  "rules": {    ".read": "auth != null",    ".write": "auth != null"  }}

as Public

During development, you can use the public rules in place of the default rules to set your files publicly readable and writable. This can be useful for prototyping, as you can get started without setting up Authentication. This level of access means anyone can read or write to your database. You should configure more secure rules before launching your app.

// These rules give anyone, even people who are not users of your app,// read and write access to your database{  "rules": {    ".read": true,    ".write": true  }}

as User

Here's an example of a rule that gives each authenticated user a personal node at /users/$user_id where $user_id is the ID of the user obtained through Authentication. This is a common scenario for any apps that have data private to a user.

// These rules grant access to a node matching the authenticated// user's ID from the Firebase auth token{  "rules": {    "users": {      "$uid": {        ".read": "$uid === auth.uid",        ".write": "$uid === auth.uid"      }    }  }}

as PrivatePrivate rules disable read and write access to your database by users. With these rules, you can only access the database through the Firebase console.

// These rules don't allow anyone read or write access to your database{  "rules": {    ".read": false,    ".write": false  }}

For registering the user to Database while read and write permissions as false will only give permission to you to edit and read the data from the Firebase Console.