Best practices

Firestore security rules with public database access

Platform(s)
Compliance Frameworks
  • Brazilian General Data Protection (LGPD)
  • CCPA
  • coppa
  • CPRA
  • Data Security Posture Management (DSPM) Best Practices
  • ISO 27701
  • iso_27001_2022
  • iso_27002_2022
  • mpa
  • New Zealand Information Security Manual
  • NIST 800-171
  • NIST 800-53
  • Orca Best Practices
  • PDPA
  • pipeda
  • UK Cyber Essentials

Description

We have found that Firestore Database {GcpFirestoreDatabase} is configured with overly permissive security rules, allowing public database access. Cloud Firestore Security Rules protect your data from malicious users. Make sure you properly secure your users' data by avoiding common pitfalls, as mentioned in: https://firebase.google.com/docs/firestore/security/insecure-rules#mixed-public-and-private-access_1.
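
The following added example (not part of the original page or of any product's own code) scans a Firestore rules file and reports every `allow` statement that has no condition or uses `if true`, together with the document path it applies to. The sample ruleset and the function name `find_public_rules` are constructed for illustration.

```python
import re

# Constructed sample ruleset (not taken from any real project).
SAMPLE_RULES = """\
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Open to anyone on the internet, signed in or not.
    match /{document=**} {
      allow read, write: if true;
    }
    match /users/{userId} {
      allow read, write: if request.auth != null && request.auth.uid == userId;
    }
    match /posts/{postId} {
      allow read;
      allow write: if request.auth != null;
    }
  }
}
"""

# One token per alternative: a match block, an allow statement, or a bare brace.
TOKEN = re.compile(
    r"\bmatch\s+(?P<path>\S+)\s*\{"
    r"|\ballow\s+(?P<ops>[^:;]+?)\s*(?::\s*if\s+(?P<cond>[^;]+?))?\s*;"
    r"|(?P<open>\{)|(?P<close>\})"
)

def find_public_rules(rules_text):
    """Return (path, operations) for each allow with no condition or `if true`."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*", "", rules_text, flags=re.S)  # drop comments
    stack, findings = [], []  # stack holds match paths; None marks other blocks
    for tok in TOKEN.finditer(text):
        if tok.group("path"):
            stack.append(tok.group("path"))
        elif tok.group("open"):
            stack.append(None)
        elif tok.group("close"):
            if stack:
                stack.pop()
        else:  # allow statement; a missing condition always grants access
            cond = tok.group("cond")
            if cond is None or cond.strip() == "true":
                path = "".join(p for p in stack if p)
                ops = [o.strip() for o in tok.group("ops").split(",")]
                findings.append((path, ops))
    return findings
```

Only literal `if true` and condition-free statements are reported; rules that are public through a more complex expression still need manual review.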