|
|
|
|
|
|
by mikelehen
4935 days ago
|
|
|
Here's a little secret. The security rules you, as a Firebase developer, write for your Firebase, are actually server-side validation code. It just doesn't look like typical code, and we've carefully designed them to have a lot of good properties regarding performance, correctness, and analyzability. And we (Firebase) take care of enforcing them for you. But it /is/ server-side validation, that you as a developer get to specify. (That said, we're definitely happy to get feedback on our approach from any security experts out there that want to take a look!) |
|
|