需要一个更好的Firebase Realtime数据库规则 [英] Need a better rule for Firebase Realtime database

查看:36
本文介绍了需要一个更好的Firebase Realtime数据库规则的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

[Firebase]客户端对您的实时数据库'---------------'的访问7天前过期

您选择在测试模式"下开始开发,这使您的实时"数据库实例完全向Internet开放.因为这个选择使您的应用容易受到攻击者的攻击,您的数据库安全规则被配置为在前30天后停止允许请求.从7天前开始,所有客户端请求都将发送到您的实时数据库实例已被拒绝,并将继续被拒绝,直到安全规则已更新.每天运行分析;如果您已经修改您过去24小时内的规则可能无法体现

我仍在开发我的应用程序,并且此电子邮件显示出来....您能建议一个更好的规则吗..我的应用程序包含用户登录以及注册和重命名名称,密码,电子邮件..

解决方案

如果您希望任何人都可以读取您的数据库,但只有登录的用户可以写,则可以使用以下方法:

  {规则":{".read":是的,".write":"$ user_id === auth.uid"}}

其中$ user_id来自您的用户json.此变量不需要称为$ user_id.它可以是用户json中的任何变量.例如:

 用户":{"user_id":{名称":"John Doe"," email":" email@example.com",}}

如果您希望只读数据库,可以使用以下方法:

  {规则":{".read":是的,".write":false}}

您可以在数据库安全规则中了解更多信息.

[Firebase] Client access to your Realtime Database '---------------' expired 7 day(s) ago

You chose to start developing in Test Mode, which left your Realtime Database instance completely open to the Internet. Because this choice made your app vulnerable to attackers, your database security rules were configured to stop allowing requests after the first 30 days. Starting 7 day(s) ago, all client requests to your Realtime Database instance have been denied and will continue to be denied until security rules are updated. Analysis is run daily; if you've modified your rules in the last 24 hours those changes may not be accounted for.

I am still developing my app and this email shows up....can you please suggest a better rule..my app contains user log in and registration and reseting name, passowrd, email..

解决方案

If you want anyone to be able to read your database but only logged users to write, you can use this:

{
  "rules": {
    ".read": true,
    ".write": "$user_id === auth.uid"
  }
}

where $user_id comes from your user json. This variable doesnt need to be called $user_id. It can be any variable from your user json. ex:

"users" : 
    {
        "user_id":
        {
            "name":"John Doe",
            "email":"email@example.com",
        }
    }

If you prefer to have your database read only, you can use this:

{
  "rules": {
    ".read": true,
    ".write": false
  }
}

You can read more in Database Security Rules.

这篇关于需要一个更好的Firebase Realtime数据库规则的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆