Why enabling offline support for all devices isn't recommended?


Question

In the Firebase documentation https://firebase.google.com/docs/firestore/manage-data/enable-offline there is a paragraph about offline persistence.

For the web, offline persistence is disabled by default. To enable persistence, call the enablePersistence method. Cloud Firestore's cache isn't automatically cleared between sessions. Consequently, if your web app handles sensitive information, make sure to ask the user if they're on a trusted device before enabling persistence.

Why is it in general not recommended to enable it on untrusted devices?
How can people potentially exploit it?
And is there a way to prevent it? (besides not enabling on untrusted devices)

P.S: Good articles for evening reading are much appreciated :)

Recommended answer

Why is it in general not recommended to enable it on untrusted devices?

Because the user's data that they read and wrote during the session is sitting right there in that file created for the local cache.

How can people potentially exploit it?

By gaining access to that file. The easiest thing would be to use the same (public) computer that they used without it first being wiped clean, but that's not the only way to read a file on a computer that others have access to.

And is there a way to prevent it? (besides not enabling on untrusted devices)

Somehow arrange for that file to be immediately removed as soon as the user has stopped interacting with the web site that created it.
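
One way to combine the documentation's trusted-device prompt with the answer's suggestion of removing the cache, as an added example that is not part of the original answer or of Firebase's documentation. It assumes the v8 (namespaced) Web SDK, where `db` is `firebase.firestore()` and `storage` is `window.localStorage`; `TRUST_KEY` and both function names are hypothetical.

```javascript
// Added example, not Firebase's own code. `db` and `storage` are passed in
// so the logic can be exercised with stubs. TRUST_KEY is a hypothetical name.
const TRUST_KEY = 'trustedDevice';

// Call once at startup, before any other Firestore operation.
// userSaysTrusted: true/false from the "Is this a trusted device?" prompt,
// or undefined when the user was not asked during this page load.
async function initFirestoreCache(db, storage, userSaysTrusted) {
  if (userSaysTrusted !== undefined) {
    storage.setItem(TRUST_KEY, userSaysTrusted ? '1' : '0');
  }
  // No recorded "yes" means no on-disk cache: this is the web default.
  if (storage.getItem(TRUST_KEY) !== '1') {
    return 'memory-only';
  }
  try {
    await db.enablePersistence();
    return 'persistent';
  } catch (err) {
    // failed-precondition: persistence is already active in another tab.
    // unimplemented: the browser lacks the features persistence needs.
    if (err.code === 'failed-precondition' || err.code === 'unimplemented') {
      return 'memory-only';
    }
    throw err;
  }
}

// Call on sign-out. clearPersistence() only succeeds on an instance that is
// terminated (or not yet started), so terminate() has to come first.
async function signOutAndWipe(db, storage) {
  await db.terminate();
  await db.clearPersistence();
  storage.removeItem(TRUST_KEY); // ask again at the next sign-in
}
```

The wipe only runs when the user signs out; a user who simply closes the tab leaves the cache on disk, which is why the trust prompt gates persistence in the first place.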
