在Firebase动态“链接"中传递查询参数是否安全?属性 [英] Is this safe to pass query parameter in Firebase Dynamic "link" attribute

问题描述

我正在为Android&集成 firebase动态链接. iOS应用程序.我发现我在 link 属性中传递的查询参数不安全.我可以复制链接表单调试详细信息(通过在深层链接的末尾附加?d = 1).

I'm integrating firebase dynamic linking for Android & iOS application. What I found is query parameter I passed in link attribute is not safe. I can copy link form debug detail (by appending ?d=1 at the end of deep link).

我的理解是，我们不应在此处传递任何重要信息作为查询参数，但是有办法保护这一点！

My understanding says we should not pass any important information here as query parameter, but is there way to safeguard this !!

推荐答案

它与常规链接一样秘密-因此，如果您不希望在标准URL中传递一些重要的细节，则不要将其放在动态链接中关联.如果您有一些机密信息，最好始终将其链接到适当的身份验证系统.

Its only as secret as a regular link - so if you wouldn't pass some important detail in a standard URL, then don't put it in a dynamic link. If you have some secret information, it is always best to link that to a proper auth system.

如果将数据写入Firestore或Realtime Database之类的系统中，则可以使用安全规则来限制其访问，然后在动态链接参数中传递引用.规则中要限制的内容的具体情况取决于您的用例.

If you write the data into a system like Firestore or the Realtime Database you can use security rules to restrict its access, then pass a reference in the dynamic link parameters. The specifics of what to restrict in the rules will depend on your use case.

这篇关于在Firebase动态“链接"中传递查询参数是否安全?属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！