在了解Firebase配置安全性方面需要帮助 [英] Need help in understanding Firebase config security
问题描述
如果有人将此配置集成到JS中,那么是否会因为任何人都可以打开JS文件,访问此详细信息并访问我的Firebase数据库而引起安全问题?
var config = {
apiKey: "xxxx",
authDomain: "xxx.firebaseapp.com",
databaseURL: "https://xxx.firebaseio.com",
storageBucket: "xxx.appspot.com",
messagingSenderId: "0000"
};
如何确保其安全性?
这仅仅是为了让客户端可以识别您的应用.甚至apiKey更像是一个参考,而不像一个秘密密码,因此请不要担心.您可以使用它实例化单个文件中的许多应用程序. (请参见 https://firebase.google.com/docs/web/setup )
// Intialize the "[DEFAULT]" App
var mainApp = firebase.intializeApp({ ... });
// Intialize a "Secondary" App
var secondaryApp = firebase.initializeApp({ ... }, "Secondary");
...
mainApp.database().ref("path/to/data").set(value);
secondaryApp.database().ref("path/to/data").set(anotherValue);
现在,Firebase安全性的核心是Firebase实时数据库规则.在这里学习: https://firebase.google.com/docs/database/security/ >
Firebase实时数据库规则以类似于JSON的格式表示,因此您应该立即为自己创建一些规则!
If one integrates this config in JS, won't it be a security concern as any one can open the JS file, get access to this details and access my firebase DB?
var config = {
apiKey: "xxxx",
authDomain: "xxx.firebaseapp.com",
databaseURL: "https://xxx.firebaseio.com",
storageBucket: "xxx.appspot.com",
messagingSenderId: "0000"
};
How does one make sure it's secure?
That's just so the client can identify your app. Even the apiKey is more like a reference and less like a secret password so don't worry. You can use this to instantiate many apps inside a single file. (see https://firebase.google.com/docs/web/setup)
// Intialize the "[DEFAULT]" App
var mainApp = firebase.intializeApp({ ... });
// Intialize a "Secondary" App
var secondaryApp = firebase.initializeApp({ ... }, "Secondary");
...
mainApp.database().ref("path/to/data").set(value);
secondaryApp.database().ref("path/to/data").set(anotherValue);
Now, the heart of Firebase security are the Firebase Realtime Database Rules. Learn them here: https://firebase.google.com/docs/database/security/
The Firebase Realtime Database Rules are expressed in a JSON-like format, so you should be creating some for yourself in no time!
这篇关于在了解Firebase配置安全性方面需要帮助的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!