如何更新Firestore数据库的安全规则? [英] How to update security rules for Firestore database?
问题描述
我刚收到来自Firebase的电子邮件,
电子邮件标题:[Firebase]客户端对实时数据库connectssocialmediaapp-default-rtdb的访问权限将在5天内到期电子邮件说明:您选择开始在测试模式下进行开发,这将使Realtime Database实例完全向互联网.由于此选择使您的应用容易受到攻击者的攻击,因此您将数据库安全规则配置为在开始的30天后停止允许请求.在5天内,对您的实时数据库实例的所有客户端请求都将被拒绝.在此之前,请更新您的安全规则,以允许您的应用正常运行,同时适当保护您的数据.每天运行分析;如果您在最近24小时内修改了规则,则可能无法考虑这些更改.我如何更新我的数据库安全规则,以使客户端对我的实时数据库的访问不会过期... ??
我当前的安全规则是
rules_version ='2';服务cloud.firestore {匹配/databases/{database}/documents {匹配/{document = **} {允许读写:如果request.time<timestamp.date(2021,4,22);}}} 当前安全规则
rules_version ='2';服务cloud.firestore {匹配/databases/{database}/documents {匹配/{document = **} {允许读写:如果为true;}}} 您可以如下设置规则:
rules_version ='2';服务cloud.firestore {匹配/databases/{database}/documents {匹配/{document = **} {允许读写:if request.auth!= null;}}} 以上规则将仅允许经过身份验证的用户访问/写入数据到您的数据库.请注意,如果您将规则设置为 if true; ,则任何用户都可以访问Firestore中的所有信息.您可以检出此链接,了解一些常见的安全规则及其用例.此处是Firestore安全规则的官方文档的链接.>
允许读取,写入:如果为false;
您可以设置此规则以禁止用户访问数据库.
I just receive an email from firebase which is:
Email Title: [Firebase] Client access to your Realtime Database connectsocialmediaapp-default-rtdb is expiring in 5 day(s) Email Desciption: You chose to start developing in Test Mode, which leaves your Realtime Database instance completely open to the Internet. Because this choice makes your app vulnerable to attackers, your database security rules were configured to stop allowing requests after the first 30 days. In 5 day(s), all client requests to your Realtime Database instance will be denied. Before that time, please update your security rules to allow your app to function while appropriately protecting your data. Analysis is run daily; if you've modified your rules in the last 24 hours, those changes may not be accounted for. how can i update my database security rules so that client access to my realtime datbase would not expire...??
My current security rules are
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if
request.time < timestamp.date(2021, 4, 22);
}
}
}
current security rules
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}
You can set your rules as follows:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
}
}
This rule above will allow only authenticated users to access/write data to your database.
Please do note that any user can access all the information in your Firestore if you set the rules to if true;. You can checkout this link for some common security rules and their user cases.
Here is the link to official documentation for Firestore security rules.
allow read, write: if false;
You can set this rule to disable users' access to the database.
这篇关于如何更新Firestore数据库的安全规则?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
