All the security we've added to our application has been client side. In a production app this isn't enough, we want to add security to our database directly.
We'll start securing our application's database with Firestore Security Rules.
We'll write security rules to prevent unauthenticated users from accessing our database, and then we'll add extra rules so that only a document's owner can access that document.