Firebase托管-仅限会员/受保护的网页? [英] Firebase Hosting - Members Only / Secured Webpages?
问题描述
我了解到可以将实时数据库规则配置为在多个级别限制对数据的访问.太好了.
I understand that there are Realtime Database Rules which can be configured to restrict access to data at multiple levels. That's great.
那托管呢? 仅限会员"网页是否仅由实时数据库规则保护?换句话说,客户端Javascript可以查看firebase.auth().currentUser;属性来确定form,table,card,section是什么,或者从CSS display:none切换到display:inline的任何内容.例子.但是,HTML已下载到客户端,因此并不十分安全.
What about hosting? Are 'Members Only' webpages secured exclusively by the Realtime Database Rules? In other words, the client side Javascript could look at the firebase.auth().currentUser; properties to determine what form, table, card, section, or whatever to switch from CSS display:none to display:inline, for example. However, the HTML is already downloaded to the client so that's not really secure.
那么,是继续下载页面但使用实时数据库规则来确定页面详细信息是否充满敏感数据的想法吗?是这个主意吗?
So, is the idea to go ahead and download the page but use Realtime Database Rules to determine if the page details gets filled with sensitive data? Is that the idea?
我什至将标记(HTML)存储在实时数据库中,并且效果很好.
I have even stored markup (HTML) in the Realtime Database and that actually worked fine.
任何建议都值得赞赏.
推荐答案
Firebase托管目前没有任何类型的访问控制,并且您正确地认为即使您已经将HTML/JS/CSS全部下载了,根据Firebase身份验证状态重新隐藏并显示它.
Firebase Hosting doesn't have any kind of access control presently, and you're correct that the HTML/JS/CSS will all be downloaded even if you're hiding and showing it based on Firebase Auth state.
根据您的应用程序,实际上可能还不错!由于您可以使用Firebase数据库安全规则控制用户实际执行的操作,因此,如果用户可以深入研究代码并查看他们可以使用的功能,这并不是什么大问题."才真正利用.
Depending on your application, that may actually be just fine! Since you can control what users actually do using Firebase Database security rules, it isn't really a big deal if users can dig into the code and see functionality that they can't actually utilize.
如果隐藏应用程序的功能很重要,则可以仅在授权后才能从数据库或Firebase Storage动态加载JS/HTML.
If it is important to hide the capabilities of the application, you could dynamically load JS/HTML from the database or Firebase Storage only after authorization.
这篇关于Firebase托管-仅限会员/受保护的网页?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
