如何使用密码匿名访问 Firestore 文档 [英] How to anonymously access a firestore document using a password

问题描述

我正在构建一个带有 firebase 的 Web 应用程序，该应用程序没有身份验证系统，但在获得密码后仍需要访问 Firestore 文档中的敏感数据.我曾考虑将密码设为文档名称，但后来我意识到这并不安全，因为有人可以查询数据库中的所有文档.

I'm building a web app with firebase that can't have an authentication system but still needs to access sensitive data in a firestore document after being given a password. I was thinking about making the password the name of the document, but then I realized this is not secure because someone could query all the documents in the database.

有没有一种方法可以使用 firebase 规则或其他一些解决方法，以便读取文档的唯一方法是使用特定代码?

Is there a way to use firebase rules or some other workaround such that the only way to read a document is to have a certain code?

推荐答案

您可以通过简单地拒绝 list 访问并仅允许 get 访问来禁用对集合的查询:

You can disable querying for a collection by simply denying list access and allowing only get access:

match /collection/{id} {
  allow get;
}

这样，用户必须知道文档的ID才能获取.它仅适用于已为其指定 ID 的一个文档.

In this way, the user must know the ID of the document in order to get it. It will only work for the one document that they've been given the ID of.

否则，无法在查询中提供密码，因为这实际上根本不是很安全.

Otherwise, there is no way to provide a password as part of a query, because that's not actually very secure at all.

这篇关于如何使用密码匿名访问 Firestore 文档的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！