在Firebase-RealtimeDatabase上使用什么规则来允许用户注册和登录? [英] What rules to use on Firebase-RealtimeDatabase to let users register and login?

问题描述

为了让Android用户通过我的应用进行注册和登录，我设置了 .read 和 .write 为 true .我的问题是，由于公开，因此任何人都可以访问用户的JSON文件.如何仅通过应用程序和Firebase控制台限制对数据库的访问?以下是规则:

In order to let Android users register and login through my app I have set the .read and .write as true. My problem is anyone is able to access the users JSON file since it's public. How can I restrict the access to the database only through the app and Firebase console? Below are the rules:

{
    "rules": {
        ".read": true,
        ".write": true
    }
}

推荐答案

使用以下规则:

{
  "rules": {
      ".read": "auth != null",
      ".write": "auth != null"
  }
}

您将仅向经过身份验证的用户授予 read 和 write 访问权限.有关更多信息，请参阅有关 Firebase安全规则的官方文档.

You'll give read and write access only to authenticated users. For more information, please see the official documentation regarding Firebase security rules.

根据您的评论，然后应验证执行操作的用户是否实际上是经过身份验证的用户.因此，例如，假设您只希望经过身份验证的用户能够访问其帐户，则需要遵循以下规则:

According to your comment, you should then verify if the user that performs an operation is actually the authenticated user. So for example, let's say you want only authenticated users to able to access their accounts, the following rules are required:

{
  "rules": {
    "users": {
      "$uid":{
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}

这篇关于在Firebase-RealtimeDatabase上使用什么规则来允许用户注册和登录?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！