Firestore添加安全规则以仅允许从移动应用读取 [英] Firestore add security rule to allow reads only from mobile app
问题描述
我正在使用Firestore和React Native制作一个移动应用程序.
I am making a mobile app with Firestore and React Native.
没有身份验证系统,启动应用程序后,用户会从Firestore下载集合.
There is no authentication system and upon starting the app, the user download a collection from Firestore.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read: if true;
}
}
}
截至目前,该规则允许每个人都从数据库中读取数据.是否可以/建议仅将流量限制在我们的移动应用程序上?
As of right now, the rule allows everyone to read from the database. Is it possible/advisable to limit the traffic to only our mobile app?
推荐答案
无法使用安全规则来限制对特定应用程序的访问.如果您的规则允许进行读取访问而无需使用Firebase身份验证进行登录,则具有Internet连接的任何人都可以执行读取.
It's not possible to use security rules to limit access to a certain app. If your rules allow read access without requiring a sign-in using Firebase Authentication, then anyone with an internet connection can perform reads.
至少,您可能需要匿名身份验证.但这仍然不会阻止某人创建帐户并使用该帐户来读取所有内容,而无需通过应用程序.
Minimally, you could require anonymous authentication. But that still would not stop someone from creating an account and using that to read everything without going through the app.
这篇关于Firestore添加安全规则以仅允许从移动应用读取的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!