How to make firebase storage only available to users of the app

Asked 12/11, 2016 at 2:50 Answered 15/3, 2024 at 15:58

Solved android firebase firebase-storage

I have images saved to my Firebase storage and I only want users using the app to be able to access them. I don't want to force my users to login just to use the app, so that is not an option.

Jolie answered 12/11, 2016 at 2:50 Comment(1)

You have to create only one user and password for all users and hard-code it into your project. – Coadjutrix 12/11, 2016 at 3:26

Since the Firebase back-end services are hosted in the cloud, they are by nature accessible by anyone. There is no way to limit their access to only people that are using the code that you write. Any developer can download the SDK, rewrite your code and use that to access the same back-end services.

That's why you secure access to Firebase data (whether structured data in the database or files in storage) through user-based security. Making your users sign in to the app, means that you can identify who is accessing the data. Once you've authenticated the users, you can use Firebase's security rules (for database or storage) to ensure they can only access the data they're authorized for. They may still be using other code, but you'll at least know who they are and be assured that they can only access the data in ways you authorized.

You can get the best of both worlds (requiring users to be authenticated, without requiring them to log-in) by using anonymous authentication. Just keep in mind that there too, any developer can download the Firebase SDK and authenticate the user anonymously.

For an older discussion on the topic (for the database, but it applies equally to storage), see How to prevent other access to my firebase

Sixpence answered 12/11, 2016 at 16:8 Comment(2)

firebase storage is not secured by authorization. any file has a public downloadable url – Icicle 29/8, 2019 at 8:3

An unguessable read-only download URL is only generated when you call the API to do so. Access through the SDK is secured with the security rules described above. If you have additional comments about either of these, I recommend opening a new question. – Sixpence 29/8, 2019 at 13:20

Basically you want to change the Rules of your Storage. Under the Firebase console and in Storage there are two tabs in the top of the frame. One that says file and one that says Rules. If you click the Rules tab you will get a view of the code that defines who can read and write to and from your storage. You will want to follow the link below to set up the correct rules for your storage. But based on what you want all you have to do is set the read write code to be:

 allow read: if request.auth != null;

Check out this link: https://firebase.google.com/docs/storage/security/user-security

Fluorescein answered 12/11, 2016 at 6:41 Comment(0)

please check App check from google:Firebase App Check App Check helps protect your API resources from abuse by preventing unauthorized clients from accessing your backend resources. It works with both Firebase services, Google Cloud services, and your own APIs to keep your resources safe.

Unpeopled answered 15/3, 2024 at 15:58 Comment(1)

Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. – Guienne 16/3, 2024 at 22:6

Recommended topics

Hot tags