我的Firebase用户身份验证中的未知用户(Flutter/Firebase) [英] Unknown user in my firebase user authentication (Flutter/firebase)
问题描述
我开发了一个应用程序,用于使用flutter和google身份验证来测试google登录功能.该项目是一个封闭的项目,只有我可以访问它.但是最近我看到有一个来自未知电子邮件ID的google登录.在没有构建我的应用程序的情况下,用户如何登录?我的帐户被黑客入侵了吗?发生了什么事?
I developed an app to test the google login feature using flutter and google authentication. The project is a closed project and only I have access to it. But recently I saw that there was a google sign in from an unknown Email ID. How did the user login without the build of my app? Has my account been hacked? What is going on?
推荐答案
任何了解您项目的API密钥的人都可以使用简单的CURL命令访问Firebase项目.
Anyone with knowledge of your project's API Keys can access your Firebase Project using simple CURL Commands.
这就是为什么最好对这些API密钥添加限制
This is why it's a good idea to add restriction to those API Keys
如果没有,请访问 https://console.cloud.google.com 和
- 选择您的项目
- 点击左上角的菜单图标(汉堡图标)
- 转到API&服务,然后是凭据
您可以查看Google Cloud Project(链接到Firebase Project)的API,然后为API密钥设置限制,刷新它们或限制对Android或iOS等特定平台的访问.
You can view the APIs for your Google Cloud Project (linked to your Firebase Project) and then set restrictions for the API keys, refresh them or restrict access to specific platforms like Android or iOS.
您还可以设置允许访问API密钥的Firebase组件的限制.例如,如果您的项目不需要使用Cloud Firestore,则可以确保API密钥不能用于调用Firestore数据库
You can also set restrictions on which components of Firebase the API key is allowed to access. For example, if your project doesn't require the use of Cloud Firestore, you can ensure that the API Key cannot be used to make calls to the Firestore Database
说了算,我仍然建议您通过 https://firebase.google.com/support/troubleshooter/contact
All said and done, I would still recommend that you shoot a mail to the Firebase Support team at https://firebase.google.com/support/troubleshooter/contact
这篇关于我的Firebase用户身份验证中的未知用户(Flutter/Firebase)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
