24. Database Rules for Testing
Database Rules for Testing Exercise
QUESTION:
It’s great that we were able to change the Firebase Realtime Database rules so that we could easily read and write data. Problem solved, right? Well, not exactly. Setting the read and write rules to “true” is useful while building an app, but it can have dire consequences if left in place when the app is deployed. Why is it a bad idea to leave the rules as “true” when you deploy an app?
ANSWER:
Without database rules, anyone can change the database without consequence. There is no easy way to track who is making these changes. What if the data on the database was personal or private? When database rules don’t restrict reading and writing, anyone who has the app - or knows the URL of our database - has access to all of that information.
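A pre-deployment check for the problem described above, as an added example that is not part of the original lesson: it walks the contents of a rules file and reports every path where `.read` or `.write` is unconditionally true. The sample rule sets, including the `auth != null` condition, are constructed for illustration, and the file is assumed to be strict JSON without comments.

```javascript
// Added example. Constructed sample rule sets (not from the lesson):
const TESTING_RULES = '{"rules": {".read": true, ".write": true}}';
const AUTH_RULES = '{"rules": {".read": "auth != null", ".write": "auth != null"}}';
const MIXED_RULES =
  '{"rules": {"messages": {".read": "true", ".write": "auth != null"}}}';

// Only these rule types grant access; ".validate" and ".indexOn" do not.
const ACCESS_RULES = [".read", ".write"];

// Open to everyone: boolean true, or the expression string "true".
function isOpen(value) {
  return value === true ||
    (typeof value === "string" && value.trim() === "true");
}

// Walk the rules tree and collect every open .read/.write rule.
// Access rules cascade: a grant at a parent path also applies to every
// child path, so an open rule at "/" exposes the whole database.
function findOpenRules(node, path = "/") {
  const findings = [];
  for (const [key, value] of Object.entries(node)) {
    if (ACCESS_RULES.includes(key)) {
      if (isOpen(value)) findings.push({ path, rule: key });
    } else if (value !== null && typeof value === "object") {
      const child = path === "/" ? `/${key}` : `${path}/${key}`;
      findings.push(...findOpenRules(value, child));
    }
  }
  return findings;
}

// Parse the text of a rules file and audit it.
function auditRulesFile(text) {
  const parsed = JSON.parse(text);
  if (!parsed || typeof parsed.rules !== "object" || parsed.rules === null) {
    throw new Error('expected a top-level "rules" object');
  }
  return findOpenRules(parsed.rules);
}

for (const [name, text] of [["testing", TESTING_RULES],
                            ["auth", AUTH_RULES], ["mixed", MIXED_RULES]]) {
  const open = auditRulesFile(text);
  console.log(name, open.length === 0 ? "ok" : open);
}
```

Run against the rules file before each deploy, an empty result means no path is readable or writable by everyone; any finding names the path and the rule to tighten.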
Next we will cover the right way to let users read and write while still protecting data using Security rules and Authentication.