如何安全地允许用户从Firebase队列中删除响应? [英] How to safely allow user to delete responses from Firebase-queue?
问题描述
我将Firebase与Angular2和Firebase-queue一起用作批处理服务器。
客户端将任务发送到服务器,并等待响应。 / p>
客户端可以使用请求ID读取响应。但是,那么响应会发生什么?我猜只有客户端可以删除它,但是我真的不喜欢把 .write
给客户端。
所以我试图找出一种方法来保证这个 .write
访问权。
问题:是否可以给 响应本身,甚至是 我试图避免人们(恶意)在用户阅读之前删除响应。 如果我只希望auth用户能够使用它,我应该使用以下规则吗? I'm using Firebase with Angular2 and Firebase-queue as a batch server. Clients send tasks to the server and sometime they are waiting for a response. Client can read the response using the request id. But then, what happens to the response ? I guess only the client can delete it but I don't really like to give So I'm trying to figure out a way to secure this Question: Is It possible to give The response itself and even the I'm trying to avoid people(evil) deleting responses before the user can read it. Frank van Puffelen answered the response here. If I only want auth user to able to use it, I should use the following rules right?
这篇关于如何安全地允许用户从Firebase队列中删除响应?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋! .read
和 .write
只能访问拥有请求密钥的用户?
/ responses
节点对于其他节点都是不可读的。
< pre $ respond:{
.read:false,
.write:false,
$ response:{
.read:auth!= null,
.write:auth!= null,
}
}
.write
to the client..write
access..read
and .write
access only to the user that own the request key?/responses
node would not be readable for the others."responses": {
".read": "false",
".write": "false",
"$responses": {
".read": "auth != null",
".write": "auth != null",
}
}