如何防止Firestore文档被删除/修改,但允许所有读写 [英] How to prevent Firestore documents being deleted / modified, but allow all reads and writes
问题描述
我有一个ios应用程序,可将数据存储在Firestore上,并且几乎任何人都可以读写数据.我不想允许的是修改或删除数据.如何在不使用身份验证的情况下将其写入安全规则?基本上,我会收到警告,您的安全规则被定义为公共规则,因此任何人都可以窃取,修改或删除数据库中的数据."超越我的规则.谢谢!我当前的规则根本不是特定的,只是说允许读,写;".
I have an ios app which stores data on Firestore, and I am okay with literally anyone reading or writing data. What I don't want to allow is the modification or deleting of data. How can I write that into my security rules without using authentication? Basically, I get the warning, "Your security rules are defined as public, so anyone can steal, modify, or delete data in your database." Above my rules. Thanks! My current rules are not specific at all, is just says "allow read, write;".
推荐答案
为避免该消息,您应该做两件事:
To avoid that message, you should do two things:
- 删除递归通配符模式"/{document = **}"匹配所有文档,而是调出每个单独的集合来分配特定的权限.
- 更改所需的颗粒权限的类型如文档中所述
match /collection1/{id} {
allow read, create;
}
为每个集合重复该操作.
Repeat that for each collection.
我强烈建议您彻底阅读文档以了解规则是如何工作的,因为规则是许多应用程序的最大责任.
I do strongly recommend that you thoroughly read the documentation to understand how rules work, as they are the biggest liability for many apps.
这篇关于如何防止Firestore文档被删除/修改,但允许所有读写的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
