限制Firebase对单个Android应用的访问权限而无需身份验证 [英] Restrict firebase access to a single android app without authentication

问题描述

我需要访问Firebase存储中的读/写图像.没有身份验证功能.我该如何仅通过应用程序来限制数据管理.

I need to access read/write images from firebase storage. There is no authentication facility. How can I restrict the data management through app only.

提供公共访问权限的现有规则是

Existing rules to provide public access is

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write;
    }
  }
}

推荐答案

无法将通过Firebase SDK访问文件的方式仅限制为您的应用程序.这种方法在基于云的环境中根本行不通.

There is no way to limit access to the files through the Firebase SDK to your application only. That approach simply doesn't work in a cloud-based environment.

另请参阅:

• 限制对Firebase存储的访问因此只有我的应用可以访问它
• 如何仅允许我的应用程序无需登录即可访问Firebase?
• 锁定Firebase数据库对特定应用程序的访问权限
• 如何进行Firebase存储仅适用于该应用的用户(我刚刚发现，并且您的问题是重复的)

• Restrict access to Firebase storage so only my app can access it
• How to allow only my app to access firebase without a login?
• Locking down Firebase DB access to specific apps
• How to make firebase storage only available to users of the app (which I just now found, and of which your question is a duplicate)

尽管这些通常与其他Firebase产品有关，但相同的逻辑也适用于存储.

While these are usually about other Firebase products, the same logic applies to Storage.

您将需要在安全规则中描述可以通过Firebase API对Cloud Storage中的文件执行哪些操作，然后(如果需要)描述谁也可以通过使用Firebase身份验证来执行这些操作.

You will need to describe in your security rules what can be done to the files in Cloud Storage through the Firebase API, and then (if needed) who can do those things by using Firebase Authentication too.

请注意，使用Firebase身份验证并不一定要求用户提供凭据，因为Firebase提供了匿名登录.这只是为每个用户提供了一个安全，唯一的ID，您可以使用该ID(例如)允许用户仅访问自己上传的文件(以及许多其他用例).

Note that using Firebase Authentication doesn't necessarily require the user to provide credentials, as Firebase provides an option to sign in anonymously. This simply gives each user a secure, unique ID, which you could for example use to allow users only access to files they uploaded themselves (and many other use-cases).

这篇关于限制Firebase对单个Android应用的访问权限而无需身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！