I am creating an iOS software which makes use of Firestore for getting some knowledge. My app solely reads knowledge, by no means writes.
For the time being I do not use Firebase Authentication. I’ve set guidelines in Firestore: permit learn: if true
, however they ship me an electronic mail with warnings on daily basis: “Database is accessible for studying for all customers”.
- So my query is: what method ought to I exploit in my case? If I wish to shield the info and minimise the danger of somebody (not from my app) can get entry to the database.
- I do not need customers to register. For instance I can create one account in Firebase Authentication and provides permission to it for studying knowledge in Firestore:
permit learn: if request.auth.uid == "some id"
and use this account for every person within the app. However extra doubtless there are some limitations for great amount logged in gadgets with one account (e.g. some variety of log in for one account per a minute), aren’t they? - Additionally I heard about Firebase App Test which protects API sources from abuse by stopping unauthorised purchasers from accessing your backend sources (through DeviceCheck or App Attest on Apple platforms). Ought to I exploit it in my case?