如何在读取和写入规则为 false 的情况下使用 firebase [英] How to use firebase with read and write rules as false

问题描述

我正在做一个项目，我遵循了一些教程来学习和构建应用程序.但是所有这些，他们将 Firebase 读写规则更改为 true，这是不安全的.例如他们改变了

I am working on a project and I followed few tutorials in order to learn and build the app. But all of them, they change the Firebase read and write rules to true which is not safe. for example they change

{
  "rules": {
    ".read": false,
    ".write": false
  }
}

到

{
  "rules": {
    ".read": true,
    ".write": true
  }
}

这使任何人都可以访问以任何方式读取和写入不安全的服务器数据.因此，我将此设置为 false，现在我无法将用户注册到 Firebase，它给出了一个错误，提示权限被拒绝".那么我现在必须做什么才能获得许可.

This gives access to anyone to read and write the server data which is not safe in any way. And hence I turned this to false and now I am unable to register the user to Firebase it is giving an error saying 'Permission Denied. So what would I have to do in order to get the permission now.

以前我使用此代码将用户注册到 Firebase，但现在无法正常工作.

Previously I was using this code to register the user to Firebase which is not working now.

mFirebaseAuth.createUserWithEmailAndPassword(editEmail.getText().toString(), editPass.getText().toString()).addOnSuccessListener(new OnSuccessListener<AuthResult>() {
                    @Override
                    public void onSuccess(AuthResult authResult) {

                        //Saving User to Database

                        User user = new User();
                        user.setEmail(editEmail.getText().toString());
                        user.setName(editName.getText().toString());
                        user.setPassword(editPass.getText().toString());
                        user.setPhone(editPhone.getText().toString());


                        users.child(FirebaseAuth.getInstance().getCurrentUser().getUid()).setValue(user).addOnSuccessListener(new OnSuccessListener<Void>() {
                            @Override
                            public void onSuccess(Void aVoid) {
                                waitingdialog.dismiss();
                                Snackbar.make(rootLayout, "Registration Successful", Snackbar.LENGTH_SHORT).show();
                                return;
                            }
                        }).addOnFailureListener(new OnFailureListener() {
                            @Override
                            public void onFailure(@NonNull Exception e) {
                                waitingdialog.dismiss();
                                Snackbar.make(rootLayout, "Registration Failed" + e.getMessage(), Snackbar.LENGTH_LONG).show();
                                return;
                            }
                        });
                    }
                });

推荐答案

因此在 Firebase 中有不同的规则，用户向数据库注册取决于这些规则，例如 Firebase 给出了四个规则

There are different rules for in the Firebase for this reason and the registration of the user to Database depends on those rules for instance there are four rules given by Firebase

默认

默认规则需要身份验证.它们仅允许对您的应用程序的经过身份验证的用户进行完全读写访问.如果您希望数据向应用的所有用户开放，但又不想向全世界开放

The default rules require Authentication. They allow full read and write access to authenticated users of your app only. They are useful if you want data open to all users of your app but don't want it open to the world

// These rules require authentication
{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

公开

在开发过程中，您可以使用公共规则代替默认规则来设置您的文件公开可读和可写.这对于原型设计非常有用，因为您无需设置身份验证即可开始.这种访问级别意味着任何人都可以读取或写入您的数据库.您应该在启动应用之前配置更安全的规则.

During development, you can use the public rules in place of the default rules to set your files publicly readable and writable. This can be useful for prototyping, as you can get started without setting up Authentication. This level of access means anyone can read or write to your database. You should configure more secure rules before launching your app.

// These rules give anyone, even people who are not users of your app,
// read and write access to your database
{
  "rules": {
    ".read": true,
    ".write": true
  }
}

作为用户

这是一个规则示例，该规则为每个经过身份验证的用户提供一个位于/users/$user_id 的个人节点，其中 $user_id 是通过 身份验证.对于拥有用户私有数据的任何应用来说，这是一种常见情况.

Here's an example of a rule that gives each authenticated user a personal node at /users/$user_id where $user_id is the ID of the user obtained through Authentication. This is a common scenario for any apps that have data private to a user.

// These rules grant access to a node matching the authenticated
// user's ID from the Firebase auth token
{
  "rules": {
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}

作为私有私有规则禁止用户对您的数据库进行读写访问.使用这些规则，您只能通过 Firebase 控制台访问数据库.

as Private Private rules disable read and write access to your database by users. With these rules, you can only access the database through the Firebase console.

// These rules don't allow anyone read or write access to your database
{
  "rules": {
    ".read": false,
    ".write": false
  }
}

将用户注册到数据库，而读取和写入权限为 false 只会授予您从 Firebase 控制台编辑和读取数据的权限.

For registering the user to Database while read and write permissions as false will only give permission to you to edit and read the data from the Firebase Console.

这篇关于如何在读取和写入规则为 false 的情况下使用 firebase的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！