How to prevent other access to my firebase


Problem description

How do I prevent other users from using my Firebase URL? What must I do to secure it to only my domain?

Solution

First of all, understand that you cannot secure any URL on the internet according to the origin domain--malicious users can simply lie. Securing the origin domains is only useful in preventing cross-site spoofing attacks (where a malicious source pretends to be your site and dupes your users into logging in on their behalf).

The good news is that users are already prevented from authenticating from unauthorized domains from the start. You can set your authorized domains in Forge:

• type your Firebase URL into a browser (e.g. https://INSTANCE.firebaseio.com/)
• log in
• click on the Auth tab
• add your domain to the list of Authorized Requests Origins
• select a "provider" you want to use and configure accordingly

Now to secure your data, you will go to the security tab and add security rules. A good starting point is as follows:

    {
       "rules": {
           // only authenticated users can read or write to my Firebase
           ".read": "auth !== null",
           ".write": "auth !== null"
       }
    }
    

Security rules are a big topic. You will want to get up to speed by reading the overview and watching this video.
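An added example, not part of the original answer: the starting rule `auth !== null` lets any signed-in user read and write the entire database, so a common next step is to scope access per user. The `users/$uid` and `public` paths and the `name` field are assumptions made for illustration.

```json
{
  "rules": {
    // No top-level ".read"/".write": any path not matched below is denied by default.

    // Assumed layout (hypothetical): each user's data lives under /users/<uid>.
    "users": {
      "$uid": {
        // Only the signed-in owner may read or write their own subtree.
        ".read": "auth !== null && auth.uid === $uid",
        ".write": "auth !== null && auth.uid === $uid",
        // Reject writes that lack a string "name" child (hypothetical field).
        ".validate": "newData.hasChildren(['name']) && newData.child('name').isString()"
      }
    },

    // Hypothetical public content: readable by anyone, writable by no client.
    "public": {
      ".read": true,
      ".write": false
    }
  }
}
```

Read and write rules cascade downward: access granted at a parent path cannot be revoked by a rule on a child, so grants belong at the deepest path that needs them.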
