如何在读写规则为false的情况下使用Firebase [英] How to use firebase with read and write rules as false

查看:89
本文介绍了如何在读写规则为false的情况下使用Firebase的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在研究一个项目,为了学习和构建该应用程序,我遵循了一些教程.但是所有这些都将Firebase的读写规则更改为true,这是不安全的.例如,它们会更改

I am working on a project and I followed few tutorials in order to learn and build the app. But all of them, they change the Firebase read and write rules to true which is not safe. for example they change 

{
  "rules": {
    ".read": false,
    ".write": false
  }
}


{
  "rules": {
    ".read": true,
    ".write": true
  }
}

这使任何人都可以读取和写入服务器数据,这是绝对不安全的.因此,我将其设置为false,现在无法将用户注册到Firebase,这是错误消息权限被拒绝.所以,我要怎么做才能立即获得许可.

This gives access to anyone to read and write the server data which is not safe in any way. And hence I turned this to false and now I am unable to register the user to Firebase it is giving an error saying 'Permission Denied. So what would I have to do in order to get the permission now.

以前,我是使用此代码将用户注册到现在无法正常工作的Firebase的.

Previously I was using this code to register the user to Firebase which is not working now.

mFirebaseAuth.createUserWithEmailAndPassword(editEmail.getText().toString(), editPass.getText().toString()).addOnSuccessListener(new OnSuccessListener<AuthResult>() {
                    @Override
                    public void onSuccess(AuthResult authResult) {

                        //Saving User to Database

                        User user = new User();
                        user.setEmail(editEmail.getText().toString());
                        user.setName(editName.getText().toString());
                        user.setPassword(editPass.getText().toString());
                        user.setPhone(editPhone.getText().toString());


                        users.child(FirebaseAuth.getInstance().getCurrentUser().getUid()).setValue(user).addOnSuccessListener(new OnSuccessListener<Void>() {
                            @Override
                            public void onSuccess(Void aVoid) {
                                waitingdialog.dismiss();
                                Snackbar.make(rootLayout, "Registration Successful", Snackbar.LENGTH_SHORT).show();
                                return;
                            }
                        }).addOnFailureListener(new OnFailureListener() {
                            @Override
                            public void onFailure(@NonNull Exception e) {
                                waitingdialog.dismiss();
                                Snackbar.make(rootLayout, "Registration Failed" + e.getMessage(), Snackbar.LENGTH_LONG).show();
                                return;
                            }
                        });
                    }
                });

推荐答案

因此,Firebase中有不同的规则,用户向数据库的注册取决于这些规则,例如Firebase给出了四个规则

There are different rules for in the Firebase for this reason and the registration of the user to Database depends on those rules for instance there are four rules given by Firebase

默认

默认规则要求身份验证.它们仅允许对您的应用程序的经过身份验证的用户进行完全读写访问.如果您希望向应用程序的所有用户开放数据,但又不希望向所有人开放数据,那么它们很有用

The default rules require Authentication. They allow full read and write access to authenticated users of your app only. They are useful if you want data open to all users of your app but don't want it open to the world

// These rules require authentication
{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

公开

在开发过程中,可以使用公共规则代替默认规则来设置文件公开可读和可写.这对于原型制作很有用,因为您无需设置身份验证就可以开始使用.这种访问级别意味着任何人都可以读取或写入您的数据库.您应该在启动应用之前配置更安全的规则.

During development, you can use the public rules in place of the default rules to set your files publicly readable and writable. This can be useful for prototyping, as you can get started without setting up Authentication. This level of access means anyone can read or write to your database. You should configure more secure rules before launching your app.

// These rules give anyone, even people who are not users of your app,
// read and write access to your database
{
  "rules": {
    ".read": true,
    ".write": true
  }
}

以用户身份

下面是一个规则示例,该规则为每个经过身份验证的用户提供一个位于/users/$ user_id的个人节点,其中$ user_id是通过

Here's an example of a rule that gives each authenticated user a personal node at /users/$user_id where $user_id is the ID of the user obtained through Authentication. This is a common scenario for any apps that have data private to a user.

// These rules grant access to a node matching the authenticated
// user's ID from the Firebase auth token
{
  "rules": {
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}

为私人 专用规则禁止用户对数据库的读写访问.使用这些规则,您只能通过Firebase控制台访问数据库.

as Private Private rules disable read and write access to your database by users. With these rules, you can only access the database through the Firebase console.

// These rules don't allow anyone read or write access to your database
{
  "rules": {
    ".read": false,
    ".write": false
  }
}

要在将读取和写入权限设置为false时将用户注册到数据库,将仅授予您从Firebase控制台编辑和读取数据的权限.

For registering the user to Database while read and write permissions as false will only give permission to you to edit and read the data from the Firebase Console.

这篇关于如何在读写规则为false的情况下使用Firebase的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
移动开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆