I'm developing a realtime chat using firebase with the forge application InAppChatReactive. It's working perfectly for my purpose.

However, in the firebase settings, it is showing that security rules are public, as in the image:

I think it could be a vulnerability

Searching on stackflow I found a configuration that would solve the alert, but I am not able to make it work with the Outsystems.

{

  "rules": {

    "users": {

      "$userId": {

        // grants write access to the owner of this user account

        // whose uid must exactly match the key ($userId)

        ".read": "$userId === auth.uid",

        ".write": "$userId === auth.uid"        

      }

    }

  }

}