Posted by Hiranya Jayathilaka and Rachel Myers this article focuses on Firebase offers security rules – a powerful mechanism that helps enforce the security and logical correctness of your apps. The backend services use security rules to authorize and validate the requests made by client apps, and make sure they adhere to the policies that app developers have put in place.
The authors then share a few tips related to security rules and the Admin SDK:
- Admin SDK bypasses security rules
- Make certain data read-only
- Role-based access control with custom claims
- Temporarily withhold sensitive data from users
… and more can be found in the original article. Firebase takes a declarative approach to ensuring the security and logical correctness of your apps. By keeping the rules separate from application code, you can easily update your security policies, while keeping the application code simple.
With Firebase you can patch any detected security vulnerabilities instantly, without having to go through a long and arduous app rollout. Nice one!
[Read More]