Firestore添加安全规则以仅允许从移动应用读取 [英] Firestore add security rule to allow reads only from mobile app

问题描述

我正在使用Firestore和React Native制作一个移动应用程序.

I am making a mobile app with Firestore and React Native.

没有身份验证系统，启动应用程序后，用户会从Firestore下载集合.

There is no authentication system and upon starting the app, the user download a collection from Firestore.

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
       allow read: if true;
    }
  }
}

截至目前，该规则允许每个人都从数据库中读取数据.是否可以/建议仅将流量限制在我们的移动应用程序上?

As of right now, the rule allows everyone to read from the database. Is it possible/advisable to limit the traffic to only our mobile app?

推荐答案

无法使用安全规则来限制对特定应用程序的访问.如果您的规则允许进行读取访问而无需使用Firebase身份验证进行登录，则具有Internet连接的任何人都可以执行读取.

It's not possible to use security rules to limit access to a certain app. If your rules allow read access without requiring a sign-in using Firebase Authentication, then anyone with an internet connection can perform reads.

至少，您可能需要匿名身份验证.但这仍然不会阻止某人创建帐户并使用该帐户来读取所有内容，而无需通过应用程序.

Minimally, you could require anonymous authentication. But that still would not stop someone from creating an account and using that to read everything without going through the app.

这篇关于Firestore添加安全规则以仅允许从移动应用读取的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！