Let's say I have a simple landing page with a form asking for an email. In order to allow unauthenticated users, the write rule cannot be only on for authenticated users.
However, I realised that using the console on any browser and calling something like the following will eventually delete the whole users node.
var updates = {};
updates['/users'] = "";
firebase.database().ref().update(updates);
Can any security rules prevent whole nodes from simply being overwritten like this?
Aucun commentaire:
Enregistrer un commentaire