Firestore security rules with public database access

Best practices

Firestore security rules with public database access

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
coppa
CPRA
Data Security Posture Management (DSPM) Best Practices
ISO 27701
ISO/IEC 27001
mpa
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
Orca Best Practices
PDPA
UK Cyber Essentials

Description

We have found that Firestore Database {GcpFirestoreDatabase} is configured with overly permissive security rules, allowing public database access. Cloud Firestore Security Rules protect your data from malicious users. Make sure you properly secure your users' data by avoiding common pitfalls, as mentioned in: https://firebase.google.com/docs/firestore/security/insecure-rules#mixed-public-and-private-access_1.

Recommended Mitigation

It is recommended to secure database access by using restrictive security rules.

Firestore security rules with public database access

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS