How can I secure Firebase with an all client-side implementation?


Question

I have a very simple Firebase app that is being read and written to via JavaScript all on the client-side. There are no user accounts or server-side applications on my end.

Right now, anyone looking at my JavaScript can copy my Firebase URL and have full read/write access permissions.

Is there any easy way for me to secure this somehow considering I'm doing everything on the client side?

I'm having trouble understanding their documentation and how I can solve this use case.

Recommended answer

Data access is managed through Firebase's security rules language, that you can find in the Security & Rules tab of your Firebase dashboard.

When you create a new Firebase backend for an app, it defaults to allowing full read/write to everyone.

{
    "rules": {
        ".read": true,
        ".write": true
    }
}

The simplest possible change is to allow everyone to read, but no-one to write:

{
    "rules": {
        ".read": true,
        ".write": false
    }
}

This way you can only make changes to the data when you're an administrator, i.e. when you're using the Firebase dashboard.

The Firebase documentation has an entire section dedicated to securing your data.
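
An added example, not part of the original question or answer: a small JavaScript audit that walks a Realtime Database rules object and reports paths left open to everyone. It relies on the fact that `.read`/`.write` grants cascade to child paths and cannot be revoked by a deeper rule; the `admin` child in the sample input is hypothetical.

```javascript
// Added example: audit a Realtime Database rules object for world-open paths.
// Rule values may be booleans or expression strings; only a literal
// true / "true" is flagged here. Auth-based expressions are not evaluated.
function isOpen(value) {
  return value === true || (typeof value === "string" && value.trim() === "true");
}

function auditRules(rulesFile) {
  const findings = [];
  // "inherited" records access already granted by an ancestor path.
  function walk(node, path, inherited) {
    const open = {
      read: inherited.read || isOpen(node[".read"]),
      write: inherited.write || isOpen(node[".write"]),
    };
    for (const op of ["read", "write"]) {
      const rule = node["." + op];
      if (isOpen(rule) && !inherited[op]) {
        // First place on this branch where access is granted to everyone.
        findings.push({ path: path || "/", op, kind: "open" });
      } else if (inherited[op] && rule !== undefined && !isOpen(rule)) {
        // A stricter rule under an open parent has no effect.
        findings.push({ path: path || "/", op, kind: "ineffective-restriction" });
      }
    }
    for (const [key, child] of Object.entries(node)) {
      // Keys starting with "." are rule keywords, everything else is a child path.
      if (!key.startsWith(".") && child && typeof child === "object") {
        walk(child, path + "/" + key, open);
      }
    }
  }
  walk(rulesFile.rules || {}, "", { read: false, write: false });
  return findings;
}

// Constructed sample input: the default rules from the answer plus a
// hypothetical "admin" child that tries to restrict writes.
const defaultRules = {
  rules: { ".read": true, ".write": true, admin: { ".write": false } },
};
// The read-only rules from the answer.
const readOnlyRules = { rules: { ".read": true, ".write": false } };

console.log(auditRules(defaultRules));
console.log(auditRules(readOnlyRules));
```
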
