Hi Kenworth, 

Thanks for the reply. 

As I said I am using the Firebase Database secrets to make calls between 
GAE and Firebase Database. I do not have any problem over that, My problem 
is the Hosted API on GAE. That API is not secure, anyone with the API 
endpoints and URL structure can query it on their browsers. So I want to 
secure it so that it can be only be accessed by the iOS application on 
phone and by some IP address. I got your only solution, I can restrict that 
using Firewalls but by doing that my application also cannot use it too.

Hope I am clearly describing the problem.


On Friday, March 9, 2018 at 11:07:30 PM UTC+5:30, Kenworth (Google Cloud 
Platform) wrote:
> It seems Firebase Database Security Rules API 
> <https://firebase.google.com/docs/reference/security/database/#authtoken> can 
> be used to set rules to limit/grant access to their DB. For example, 
> developers can restrict access to only emails coming from your domain 
> <https://firebase.google.com/docs/reference/security/database/#authtoken> or 
> craft a rule which only allows users if their email is whitelisted 
> <https://firebase.google.com/docs/reference/security/database/#replacesubstring_replacement>
> .
> For GAE, users can restrict IP addresses using Firewall rules 
> <https://cloud.google.com/appengine/docs/standard/python/creating-firewalls> 
> or  configure 
> your app to only allow access by admin users 
> <https://cloud.google.com/appengine/docs/standard/python/config/appref> (GAE 
> Standard only).

You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to