
23/12/2017 Firebase in a Weekend (Android) - Udacity

Lesson 1: Database Security Rules

Remember the database rules we changed? We made it so anyone can read and write data without checking authentication.

Let’s change it back to the default rules, which means that users need to be authenticated to read and write data.
These rules are enforced by the Firebase servers. So there is no way for our users to bypass the rules that we set.

These rules are a good starting point for a simple chat app like FriendlyChat, but there are certainly plenty of cases where we will want to further restrict access. Let’s examine how Firebase Database security rules make this possible.


Rule Types
Firebase allows three main rule types: .read, .write, and .validate. Each of these can be set to “true” or “false” and can apply to the whole database or a particular location in the database depending on how they are configured.

| Rule Type | Description |
|---|---|
| .read | Describes whether data can be read by the user. |
| .write | Describes whether data can be written by the user. |
| .validate | Defines what a correctly formatted value looks like, whether it has child nodes, and the data type. |

Predefined Variables

https://classroom.udacity.com/courses/ud0352/lessons/daa58d76-0146-4c52-b5d8-45e32a3dfb08/concepts/b1d107aa-5a83-4cd4-b1… 1/2
Firebase Database Security includes a set of predefined variables that enable you to customize data accessibility. Below is a list of predefined variables and a link to each API reference.

| Variable | Description |
|---|---|
| now | The current time in milliseconds since Unix epoch time (January 1, 1970). |
| root | Corresponds to the current data at the root of the database. You can use this to read any data in your database in your rule expressions. |
| newData | Corresponds to the data that will result if the write is allowed. |
| data | Corresponds to the current data in Firebase Realtime Database at the location of the currently executing rule. |
| $variables | A wildcard path used to represent ids and dynamic child keys. |
| auth | Contains the token payload if a user is authenticated, or null if the user isn't authenticated. |

We will expand on the auth variable because we will use it in database security examples.

Auth

The auth variable contains the JSON web token for the user. A JSON Web Token is a standard that defines a way of securely transmitting information between parties, like the database and a client, as a JSON object. Once a user is authenticated, this token contains the provider, the uid, and the Firebase Auth ID token.

The provider is the method of authentication, such as email/password, Google Sign In, or Facebook Login.

The uid is a unique user ID. This ID is guaranteed to be unique across all providers, so a user that authenticates with Google and a user that authenticates with email/password do not risk having the same identification.

The Firebase Auth ID is a web token. Yes, this means that there is a web token inside of the Auth web token! This token can contain the following data:

| Data | Description |
|---|---|
| email | The email address associated with the account. |
| email_verified | A boolean that is true if the user has verified they have access to the email address. Some providers automatically verify email addresses. You can customize authentication to include email verification for email/password on iOS. |
| name | The user’s display name, if one is set. |
| sub | The user’s Firebase uid. |
| firebase.identities | Dictionary of all the identities that are associated with this user's account. |
| firebase.sign_in_provider | The sign-in provider used to obtain this Firebase Auth ID token. |
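
A rules file that puts the rule types, predefined variables and auth token fields above together, added here as an illustration and not taken from the course. The `messages` and `users` nodes and their child fields (`name`, `text`, `createdAt`) are assumed names for a chat app's data.

```json
{
  "rules": {
    // The open testing rules would be ".read": true and ".write": true at
    // this level, with no authentication check at all. The authenticated
    // default is ".read": "auth != null" and ".write": "auth != null".
    // Neither is set at the root here, so each node below decides access.

    // Assumed node name: any signed-in user may read and post messages.
    "messages": {
      ".read": "auth != null",
      ".write": "auth != null",
      "$messageId": {
        // .validate describes a correctly formatted message: required
        // children, their data types, and a length limit on the text.
        ".validate": "newData.hasChildren(['name', 'text']) && newData.child('name').isString() && newData.child('text').isString() && newData.child('text').val().length <= 1000"
      }
    },

    // Assumed node name: one record per user, keyed by uid.
    "users": {
      // $uid is a wildcard that captures the child key so it can be
      // compared with the uid carried in the caller's auth token.
      "$uid": {
        ".read": "auth != null && auth.uid === $uid",
        // Writes additionally require a verified email address,
        // read from the token payload listed in the table above.
        ".write": "auth != null && auth.uid === $uid && auth.token.email_verified === true",
        "createdAt": {
          // now is the server time in milliseconds since the Unix epoch,
          // so a client cannot store a timestamp from the future.
          ".validate": "newData.isNumber() && newData.val() <= now"
        }
      }
    }
  }
}
```

A `.read` or `.write` grant on a parent path also applies to everything beneath it, so the per-user restriction under `users` only holds because no ancestor already grants access.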
