We cannot allow un-auth user to change the database data as they want, for Firebase, it is easy just need to overwirte the rules:
{ "rules": { ".read": "true", ".write": "auth != null", "courses": { ".indexOn": ["url"] }, "lessons": { ".indexOn": ["url"] } } }
Here we set "write" needs auth, read dones‘t need auth.
[AngularFire 2] Protect Write Access Using Security Rules
原文:http://www.cnblogs.com/Answer1215/p/6107268.html