保护Firestore数据库免受攻击 [英] Protect Firestore database from attack

问题描述

对于即将启动的附带项目，我想建立一个注册表格，使人们可以表达出对获得邀请的兴趣.我将Firestore用于该应用程序，并希望创建一个新集合来存储所有潜在用户.

For a side-project that is about to launch, I want to set-up a signup form where people can show their interest in getting an invite. I use Firestore for the application and want to create a new collection where I store all the potential users.

由于此表单已在公司网站上发布，因此我不能使用通过身份验证的安全规则，因为每个人都必须能够提交该表单.因此，写许可是公开的.

As this form is published on the company website, I can not use security rules using authentication, as everybody has to be able to submit the form. For this reason, the write permission is public.

我是否可以采取任何措施来防止智能用户无限地发出写请求?我的目标是使注册过程尽可能地易于访问.

Are there any measures I could take to prevent a smart user to infinitely make write requests? I aim to keep the sign-up process as accessible as possible.

谢谢！

推荐答案

正如Doug在评论中解释的那样，除使用安全规则外，无法保护Firestore数据库.为此，需要Firebase身份验证.有关更多信息，请访问: https://firebase.google.com/docs/firestore/security/规则条件#authentication

As Doug explained in the comments, it is not possible to protect the Firestore database other than using security rules. In order to do so, Firebase Authentication is required. For more information, visit: https://firebase.google.com/docs/firestore/security/rules-conditions#authentication

就我而言:我应用了Frank的建议(请参阅注释)并实现了匿名身份验证，以限制每个用户可能进行的写入次数.谢谢！

In my case: I applied Frank's advice (see comments) and implemented anonymous authentication to limit the number of writes possible per user. Thank you!

这篇关于保护Firestore数据库免受攻击的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！