在实时数据库 (Firebase) 上存储 API 密钥 [英] Storing API keys on the Realtime Database (Firebase)

问题描述

我的 android 应用程序需要使用 Google Place Search API，但由于它不适用于 android，我将不得不调用 Web API.我已经考虑过使用 Cloud Functions，但这太昂贵了，如果在每个客户端本地完成，成本会低很多.问题在于将 API 密钥存储在用户的设备上，因为它可以轻松检索.因此，如果我将密钥存储在 RT DB 上并仅在需要时引用它是否安全?

My android app requires using the Google Place Search API but since it's not available for android, I'll have to call the Web API. I've considered using Cloud Functions but that's too expensive and can be done for a lot less if done locally on each client. The problem is storing the API key on the user's devices as it can be easily retrieved. Thus is it safe if I store the key on the RT DB and reference it only when needed?

此外，如果您有任何建议，我非常乐意实施它们:D

Also, if you have suggestions, I'd me more than happy to implement them :D

推荐答案

将密钥存储在数据库中仍然需要用户可以访问它.因此，虽然检索的工作量增加了一级，但恶意用户仍然能够检索到它.

Storing the key in the database still requires that users can access it. So while it's one level more effort to retrieve, malicious users will still be able to retrieve it.

不应在客户端代码中使用服务器端密钥.

A server-side key should simply not be used in client-side code.

这篇关于在实时数据库 (Firebase) 上存储 API 密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！