All you need to know about Cloud Firestore Security Rules

Security Rules

Cloud Firestore Security Rules let’s you focus on building a great user experience without having to manage infrastructure or write server-side authentication and authorization code. Its rule about clients and the security. Its about securing your database against your client requests. You should never trust your client side although you have written some nice client-side code to perform validation. It’s pretty easy for hacker to either modify the client request to do something you didn’t expect or create a fake request that looks like it’s coming from your app but isn’t really. Security rules provide access control and data validation in a simple yet expressive format.

Security rules are the layers that exist between client request and database letting in the database requests that are valid while rejecting the ones that are not.

How do Security Rules work?

Any request coming in a cloud firestore is probably going to involve a document. You are performing either of a create, read, update, delete operation or trying to get a bunch of documents out of a collection. Whenever the request is made, cloud firestore is going to…