Best practices

Firestore security rules with public database access

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

We have found that Firestore Database {GcpFirestoreDatabase} is configured with overly permissive security rules, allowing public database access. Cloud Firestore Security Rules protect your data from malicious users. Make sure you properly secure your users' data by avoiding common pitfalls, as mentioned in: https://firebase.google.com/docs/firestore/security/insecure-rules#mixed-public-and-private-access_1.

Recommended Mitigation

It is recommended to secure database access by using restrictive security rules.
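
One way to check a ruleset for the public-access patterns this finding describes, as an added example that is not part of the original page. The scanner is a heuristic that pattern-matches `allow` statements rather than evaluating the rules language; the function name `public_allows` and both sample rulesets are constructed for illustration.

```python
import re

# Heuristic scanner for allow statements that grant access to any caller.
# It does not evaluate the rules language; it only pattern-matches conditions.
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
ALLOW_RE = re.compile(r"\ballow\s+([a-z,\s]+?)\s*(?::\s*if\s+(.*?))?\s*;", re.S)

def public_allows(rules_text):
    """Return (line, methods, reason) for each allow statement open to anyone."""
    # Blank out comments but keep newlines so reported line numbers stay correct.
    text = COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), rules_text)
    findings = []
    for m in ALLOW_RE.finditer(text):
        methods = [x.strip() for x in m.group(1).split(",")]
        cond = m.group(2)
        if cond is None:
            reason = "no condition"
        elif re.sub(r"[\s()]", "", cond) == "true":
            reason = "condition is always true"
        elif "request.time" in cond and "request.auth" not in cond:
            reason = "open to anyone until the date passes"
        else:
            continue
        findings.append((text.count("\n", 0, m.start()) + 1, methods, reason))
    return findings

# Constructed sample rulesets (not taken from any real project).
OPEN_RULES = """rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      // allow read: if false;
      allow read, write: if true;
    }
  }
}
"""
RESTRICTED_RULES = """rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userId} {
      allow read, write: if request.auth != null && request.auth.uid == userId;
    }
  }
}
"""

if __name__ == "__main__":
    for line, methods, reason in public_allows(OPEN_RULES):
        print(f"line {line}: allow {', '.join(methods)} ({reason})")
```

A clean result only means none of these three patterns appeared; rules that allow any signed-in user, or that are logically always true in other ways, still need review in the Rules Playground or emulator tests.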