可以通过对我的应用程序进行反向工程来篡改Firebase项目中的数据吗？

Question

I have an app using Firebase as backend. Can someone reverse engineer my app to get hold of the code and modify it to access and tamper my database? If so, how can I secure my data against such attacks?

Also, is there any other ways that my database can be compromised?

What are the best practices to protect my data?

Answer 1

To secure your data, you need to use Firebase Database rules:

Firebase Database Rules are declarative configuration for your database. This means that the rules are defined separately from the product logic. This has a number of advantages: clients aren't responsible for enforcing security, buggy implementations will not compromise your data, and perhaps most importantly, there is no need for an intermediate referee, such as a server, to protect data from the world.

Example:

{
 "rules": {
    "users": {
      "$user_id": {
         // grants write access to the owner of this user account
         // whose uid must exactly match the key ($user_id)
      ".write": "$user_id === auth.uid"
     }
   }
  }
}

more info here:

Secure Your Data