在Firebase数据库规则中,"true"是什么意思 [英] What does `true` means in firebase database rules
问题描述
我从Firebase开始,我有一个非常基本的问题
I'm starting with firebase and i've a very basic question
在我的数据库的Firebase规则中:
in firebase rules for database i've:
{
"rules": {
".read": true,
".write": true
}
}
根据google,这意味着任何人都可以在数据库上进行读写.
我的问题是谁?
According to google it means that anyone can read and write on database.
My question is who anyone?
让我澄清一下:
- 我不想强迫我的应用程序用户登录,也不想在Google上拥有帐户才能使用它.
- 此项目未与其他人,其他应用或其他任何东西共享
有人可以访问存储在Firebase中的数据吗?如果是,怎么办?
is it possible to somebody to access the data stored in firebase? if yes how?
如果是的话,我又该如何保护数据而不强迫用户拥有凭据?
again if yes, what should i do to protect the data without forcing users to have credentials?
推荐答案
true在这里意味着您的数据实际上没有受到任何保护.任何拥有这些工具以及Firebase项目名称的人都可以完全读取和写入您的所有数据.应该考虑到您的数据库具有极大的隐私问题,这对于您存储的有关用户的数据尤其不利.
true here mean there is literally no protection of your data. Anyone who has the tools, and the name of your Firebase project, is able to fully read and write all your data. It should be considered that your database has extreme privacy concerns, which is especially bad for the data you're storing about your users.
任何人都可以使用REST API这样简单的方法通过一个请求访问整个数据库(或删除整个数据库).
Anyone can use something as simple as the REST API to access your entire database (or delete your entire database) with one request.
在没有Firebase身份验证的情况下,您应限制通过您控制的某些其他受保护API的所有访问.全面探讨如何设置其他API不在此问题的范围内.
Without Firebase Auth, you should restict all access through some other protected API that you control. It's outside the scope of this question to fully explore how to set up that other API.
这篇关于在Firebase数据库规则中,"true"是什么意思的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
