Very informative, clear and to the point. Thanks guys Greetings from Tanzania 🇹🇿

I'm so glad you're going to be doing a series on this. After all the tough times I have had over the years with Firebase security. I could request you to make 1 thing easier by way of example. I see loads of developers getting stuck at using the simulator to simulate a token with Custom Claims. I mean an example of the JSON that needs to be put in that simulators textbox, that acts as the token carrying the Custom Claims. And i have 1 question: How do we understand the charges for Rules ?.. I mean we have an idea about Database Read/Writes, but Rules? Is it cheaper than using a CloudFunction to Validate or restrict data?

please start the series asap and thanks alot really helpful 🙂

Is Cloud Firestore a good selection for a bank account? Can it be safe and reliable to save people's money which is a number to the Cloud Firestore? My concern is reliability and security. Any suggestions?

A nice video as always @CodingDoug we missed you dude... Please could you make us, real world app with vue js

Been a year and we still can't write security rules for cloud storage based on the data in Firestore

Okay, so why basic security rule examples Google provided don't meet the criteria? I set my database to be readable by anyone, but allow everything else by only authorized users. Yet, I keep getting those warning letters.

Thanks. Very well presented.

I just wanted to check if you could only allow access to firestore from my app domain using security rules, you say rules do not control that. Thanks. Shame though.

What if my rules are published publicly? Will my app become unsafe? Help please .

i have a application for mobile where the client can registered and login ... i want firebase data only readable and writeable for me non others .. so that i can handle all clients in database .. because i m the owner of my app.. what rules i should set please send me the example ..

Hi brother can u help me pls. I have this security rules for an ecommerce site but why is it that the products are not showing unless I do allow access top the shallowest match path. This line below, knowing if I allow read access to this line then everyone can read all my documents even those I want to set private. match /{document=**} { allow read if false; // I have to set this to true before all products for selling by all users are displayed then I cannot do selective securty if I do set it to true since everything is allowed to be read rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read,create,update,delete: if false; match /users/{uid}{ allow read; allow update:if request.auth.uid == uid; match /users/{uid}/products { allow read; allow create: if request.auth.uid != null; match /users/{uid}/products/{product}{ allow read; allow create: if request.auth.uid != null; allow delete,update: if request.auth.uid == uid; } } } } } }

Do you have an example thatdeally works?

sir, if apk reveres engeenirng is it possible to get google-serice.json file ?

love this

Can we get a video on the emulator?

Thanks really nice for everyone ...

waiting to get into this

very informative..

Great! Could you please aleborate more on how to use anonymous UID? How does the user's UID should look like when he has just started and is in anonymous state? Which ID to use to upload his data to the Real-time DB?

Look at the view count then look at the number of people leaving comments. What does that tell you?

Pro tip: There are cases where the Firestore simulator fails but the client SDKs work.

Thanks sir

Everything is good about firebase except these rules, hate them.

First