Firebase Flutter:Cloud Firestore数据库具有不安全的规则 [英] Firebase Flutter : Cloud Firestore database has insecure rules
问题描述
Firebase不断告诉我
Firebase keep telling me
我们检测到您的安全规则存在以下问题:任何用户都可以读取您的整个数据库
We've detected the following issue(s) with your security rules: any user can read your entire database
我更改了规则,但是该规则在我的应用中不起作用,因为所有用户都可以从db读取并且只有经过身份验证的用户才能向db写入.
I have changed the rules but that rules doesn’t work in my app because all user can read from db and only authenticate user can write to db.
Firebase表示应该执行写入和读取操作,直到我们登录为止.但就我而言,每个用户都可以读取,只有登录用户可以写入.
Firebase says that write and read should be performed until we login. But in my case every user can read and only login user can write.
任何想法如何解决这个问题?还是我做错了?
Any ideas how to solve this ? or I'm I doing it wrong ?
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read;
allow write: if request.auth != null;
}
}
}
推荐答案
您可以明确将read设置为false吗?
Can you set your read to false explicitly?
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read: if false;
allow write: if request.auth != null;
}
}
}
应该这样做.让我知道它是否仍然存在.根本原因是,即使您仅允许经过身份验证的用户读取或写入内容,但他们仍可以访问整个数据库,如
That should do it. Let me know if it persists. The root cause is that even though you are allowing only authenticated users to read or write but they have access to the whole database as mentioned in the Google Cloud Firestore Documentation. That also means any authenticated user can write anything in your database.
如果您的数据库为每个用户有一个单独的文档,我建议使用以下规则,该规则仅允许用户写入/读取自己的数据.
If you database has a separate document for each user, I would suggest using the following rules which allows users to write/read their own data only.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId} {
allow read, write: if request.auth.uid === userId;
}
}
}
这篇关于Firebase Flutter:Cloud Firestore数据库具有不安全的规则的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
