Firebase Auth-防止暴力攻击 [英] Firebase Auth - brute force attack prevention

查看:207
本文介绍了Firebase Auth-防止暴力攻击的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们有一个Android和iOS应用程序,我们使用电子邮件/密码,Facebook和Google帐户实施了Firebase身份验证.

We have an Android and iOS apps which we implemented the Firebase Authentication using Email/Password, Facebook and Google Account.

我们怎么知道Firebase是否阻止黑客多次运行带有随机电子邮件和密码的脚本,以便最终入侵我们的系统?

How can we know if Firebase prevent hackers from running a script with a random email and password multiple times in order to hack into our system in the end?

我们在Firebase控制台上发现了这一点-

We found out this on Firebase Console -

管理注册配额

Manage sign-up quota

为了保护您的项目免受滥用,我们限制了新项目的数量 您的应用程序可以具有的电子邮件/密码和匿名注册 来自相同的IP地址.您可以请求和安排临时 更改此配额.

To protect your project from abuse, we limit the number of new Email/Password and Anonymous sign-ups that your application can have from the same IP address. You can request and schedule temporary changes to this quota here.

当前每小时配额:100

Current quota per hour: 100

但是无法在网络上找到其他任何东西,而且对于SIGN_IN方法并不清楚,而不仅仅是如上所述的SIGN_UP.

But could not find anything else over the Web and also this is not so clear for SIGN_IN method and no just SIGN_UP as written above.

感谢您的帮助.

推荐答案

将监控Firebase身份验证服务的滥用情况.但是,很少记录有关此监视的信息以及对检测到的滥用采取的措施,因为该信息会定期更改,对滥用者而言,比对大多数开发人员来说更有用.

The Firebase Authentication service is monitored for abuse. Information about this monitoring and the actions taken on detected abuse is seldom documented though, since the information changes regularly and would be more helpful to abusers than to most developers.

如果您认为用例已受到此监控或所采取的措施的影响,请

If you think your use-case is being affected by this monitoring or the actions taken upon it, reach out to Firebase support with clear details (i.e. code)on what you're trying to do, and what behavior you seeing.

这篇关于Firebase Auth-防止暴力攻击的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆