如何使Firebase存储仅对应用程序用户可用 [英] How to make firebase storage only available to users of the app

问题描述

我已将图像保存到Firebase存储中，我只希望使用该应用程序的用户能够访问它们.我不想强迫用户仅使用该应用程序登录，所以这不是一种选择.

I have images saved to my Firebase storage and I only want users using the app to be able to access them. I don't want to force my users to login just to use the app, so that is not an option.

推荐答案

由于Firebase后端服务托管在云中，因此任何人本质上都可以访问它们.没有办法将访问权限限制为仅使用您编写的代码的人员.任何开发人员都可以下载SDK，重写您的代码，然后使用该代码访问相同的后端服务.

Since the Firebase back-end services are hosted in the cloud, they are by nature accessible by anyone. There is no way to limit their access to only people that are using the code that you write. Any developer can download the SDK, rewrite your code and use that to access the same back-end services.

这就是为什么您要通过基于用户的安全性来保护对Firebase数据(无论是数据库中的结构化数据还是存储中的文件)的访问权限.让您的用户登录该应用意味着您可以确定谁正在访问数据.对用户进行身份验证后，即可使用Firebase的安全规则(用于数据库或存储)以确保他们只能访问自己的数据重新授权.他们可能仍在使用其他代码，但是您至少会知道他们是谁，并确保他们只能以您授权的方式访问数据.

That's why you secure access to Firebase data (whether structured data in the database or files in storage) through user-based security. Making your users sign in to the app, means that you can identify who is accessing the data. Once you've authenticated the users, you can use Firebase's security rules (for database or storage) to ensure they can only access the data they're authorized for. They may still be using other code, but you'll at least know who they are and be assured that they can only access the data in ways you authorized.

您可以使用

You can get the best of both worlds (requiring users to be authenticated, without requiring them to log-in) by using anonymous authentication. Just keep in mind that there too, any developer can download the Firebase SDK and authenticate the user anonymously.

有关该主题的较早讨论(适用于数据库，但同样适用于存储)，请参见

For an older discussion on the topic (for the database, but it applies equally to storage), see How to prevent other access to my firebase

这篇关于如何使Firebase存储仅对应用程序用户可用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！