Firebase 托管 - 仅限会员/受保护的网页? [英] Firebase Hosting - Members Only / Secured Webpages?
问题描述
我了解可以配置实时数据库规则以限制对多个级别的数据访问.太好了.
I understand that there are Realtime Database Rules which can be configured to restrict access to data at multiple levels. That's great.
托管怎么样?仅限会员"网页是否仅受实时数据库规则的保护?换句话说,客户端 Javascript 可以查看 firebase.auth().currentUser; 属性来确定什么 form、table、<例如,code>card、section 或任何从 CSS display:none 切换到 display:inline 的东西.但是,HTML 已经下载到客户端,因此不是很安全.
What about hosting? Are 'Members Only' webpages secured exclusively by the Realtime Database Rules? In other words, the client side Javascript could look at the firebase.auth().currentUser; properties to determine what form, table, card, section, or whatever to switch from CSS display:none to display:inline, for example. However, the HTML is already downloaded to the client so that's not really secure.
那么,继续下载页面但使用实时数据库规则来确定页面详细信息是否填充了敏感数据的想法是否可行?是这个想法吗?
So, is the idea to go ahead and download the page but use Realtime Database Rules to determine if the page details gets filled with sensitive data? Is that the idea?
我什至在实时数据库中存储了标记 (HTML),而且效果很好.
I have even stored markup (HTML) in the Realtime Database and that actually worked fine.
感谢任何建议.
推荐答案
Firebase Hosting 目前没有任何类型的访问控制,你是对的,HTML/JS/CSS 都会被下载,即使你'根据 Firebase 身份验证状态重新隐藏和显示它.
Firebase Hosting doesn't have any kind of access control presently, and you're correct that the HTML/JS/CSS will all be downloaded even if you're hiding and showing it based on Firebase Auth state.
根据您的应用程序,这实际上可能没问题!由于您可以使用 Firebase 数据库安全规则控制用户实际做什么,因此如果用户能够深入研究代码并看到他们可以看到的功能,这并不是什么大问题.t 实际使用.
Depending on your application, that may actually be just fine! Since you can control what users actually do using Firebase Database security rules, it isn't really a big deal if users can dig into the code and see functionality that they can't actually utilize.
如果隐藏应用程序的功能很重要,您可以仅在授权后从数据库或 Firebase 存储动态加载 JS/HTML.
If it is important to hide the capabilities of the application, you could dynamically load JS/HTML from the database or Firebase Storage only after authorization.
这篇关于Firebase 托管 - 仅限会员/受保护的网页?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
