I just want to say that Firebase security rules deny every operation by default. An empty rules file allows nothing.
The devs that wrote these rules had to intentionally allow overly broad reads/writes to this part of their database in order to create this vulnerability. And this had to pass code review and automated testing.
That’s not good, and it has nothing to do with their choice of tools.
The devs that wrote these rules had to intentionally allow overly broad reads/writes to this part of their database in order to create this vulnerability. And this had to pass code review and automated testing.
That’s not good, and it has nothing to do with their choice of tools.