0
0
Firebasecloud~20 mins

Storage security rules in Firebase - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Storage Security Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
security
intermediate
2:00remaining
Identify the effect of this Firebase Storage rule
Given the following Firebase Storage security rule, what is the effect on file uploads?
service firebase.storage {
  match /b/{bucket}/o {
    match /user_uploads/{userId}/{allPaths=**} {
      allow write: if request.auth != null && request.auth.uid == userId;
      allow read: if false;
    }
  }
}
AOnly authenticated users can read files; anyone can upload files.
BAnyone can upload files to any folder; only authenticated users can read files.
COnly authenticated users can upload files to their own folder; no one can read any files.
DNo one can upload or read any files.
Attempts:
2 left
💡 Hint
Look at the conditions for write and read separately.
service_behavior
intermediate
2:00remaining
What happens when a user tries to read a file with this rule?
Consider this Firebase Storage rule:
service firebase.storage {
  match /b/{bucket}/o {
    match /public/{allPaths=**} {
      allow read: if true;
      allow write: if false;
    }
  }
}

What happens when any user tries to read a file in the 'public' folder?
AOnly users with admin role can read files.
BThe read request is allowed for all users.
COnly authenticated users can read files.
DThe read request is denied for all users.
Attempts:
2 left
💡 Hint
Check the condition for read permission.
Architecture
advanced
2:00remaining
Choose the best rule to restrict file deletion to owners only
You want to allow users to upload and delete only their own files under 'users/{userId}/files/'. Which Firebase Storage rule achieves this?
Aallow write: if request.auth != null && request.auth.uid == userId && (resource == null || request.resource == null);
Ballow write: if request.auth != null && request.auth.uid == userId && request.method == 'delete';
Callow write: if request.auth != null && request.auth.uid == userId;
Dallow write: if request.auth != null && request.auth.uid == userId && request.resource == null;
Attempts:
2 left
💡 Hint
Consider how to allow both upload and delete but restrict others.
🧠 Conceptual
advanced
2:00remaining
What error occurs if a rule references an undefined variable?
In Firebase Storage rules, what happens if you write a rule that uses a variable not defined in the path or request context, like 'userId' without declaring it in the path?
AThe rule causes a compilation error and deployment fails.
BThe rule deploys but always denies access at runtime.
CThe rule ignores the undefined variable and allows access.
DThe rule causes a runtime error when accessed.
Attempts:
2 left
💡 Hint
Think about how Firebase validates rules before deployment.
Best Practice
expert
3:00remaining
Select the best practice for securing user files in Firebase Storage
Which of the following is the best practice to secure user files in Firebase Storage to prevent unauthorized access?
AAllow read and write access to all authenticated users for all files.
BAllow public read access and restrict write access to admins only.
CDisable all security rules and rely on client-side checks.
DUse folder paths with user IDs and restrict access so users can only read and write their own folders.
Attempts:
2 left
💡 Hint
Think about isolating user data and limiting access.