Firebase Auth我的变量安全/安全吗? [英] Firebase Auth Are my variables secure/safe?

问题描述

我目前正在使用heroku存储我的环境变量以进行Firebase身份验证初始化.我正在使用服务器获取环境变量，并使用socket.io将其发送到客户端.以下是我的意思.

I am currently using heroku to store my environmental variables for my firebase authentication initialisation. I am using my server to get the environmental variables and send it to the client using socket.io. Below is what I mean.

1)从服务器向客户端发送环境变量的示例:

1) Example of sending environmental variable to client from server:

socket.emit('value', process.env.apiKey);

2)将其作为data [0]存储在客户端中:

2) storing it as data[0] in the client:

socket.on('value', function(data) {
firebase.initializeApp({
        apiKey: data[0],
});
})

这样安全吗?如果我在客户端上保存了apiKey的值，有人可以从客户端取回apiKey的值吗?

Is this safe? Can someone from the client retrieve the value of the apiKey if I save it like this on the client?

谢谢

推荐答案

如果数据是从客户端使用的，则恶意用户可以从那里获取数据.像在这里一样动态地查找数据，仅增加了一个额外的步骤.

If the data is used from the client, it can be gotten from there by a malicious user. Looking up the data dynamically like you do here, merely adds an extra step.

但是，传递给initializeApp的数据是基本配置数据，它使代码可以在服务器上找到Firebase项目.这不是秘密，不是安全机制，可以与您的用户安全共享.请参阅我的答案，以了解为什么不必尝试保护此数据的原因:

But the data that you pass to initializeApp is basic configuration data that allows the code to find your Firebase project on the servers. It is not a secret, it's not a security mechanism ,and it can be safely shared with your users. See my answer here, for why you don't have to try and secure this data: Is it safe to expose Firebase apiKey to the public?

这篇关于Firebase Auth我的变量安全/安全吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！