对写访问Firebase实时数据库的简单保护 [英] Simple protections for write access Firebase Realtime Database

问题描述

我需要一种简单的方法来阻止任何人将下面的代码复制到他们的检查器工具中，以添加错误的分数.没有用户，我只想限制来自浏览器的写访问权限.有没有办法使用Firebase Realtime Database中的安全规则来做到这一点?现在，我只有".read":true，".write":true和验证.

I need a simple way to stop anyone from copying the code below into their inspector tool to add false scores. There are no users, I just want to restrict write access from the browser. Is there a way to do this with security rules in Firebase Realtime Database? Right now I just have ".read": true, ".write": true, and validations.

        firebase
          .database()
          .ref("scores")
          .push({
            name: name,
            score: score
          });

推荐答案

如果您想将写访问权限限制为仅使用Firebase身份验证(包括

If you want to limit write access to only the users signed into your app/project with Firebase Authentication (including anonymous users), your write rule should minimally contain what's suggested in the documentation:

".write": "auth != null"

这篇关于对写访问Firebase实时数据库的简单保护的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！