我正在开发一个Android应用程序,并使用Firebase作为我的后端 [英] I'm Developing an Android app and using Firebase as my Backend
问题描述
所以如果有人通过逆向工程Android应用程序获得我的源代码,那么他/她可以轻松地更改Firebase引用(节点名称),并可以改变其他用户的事情,这根本不是一件好事。
我的应用使用电话认证来认证用户。但黑客可以改变参考,然后使用他的电话认证自己,否则他是好的,去改变别人的帐户。
那么如何防止呢?如果我理解你是正确的,那么你使用的是firebase数据库。您应该阅读 Firebase安全规则的工作方式。如果用户通过 Firebase认证,用户只能访问和修改自己的数据认证的方法(你提到的电话认证)。由于您没有提供示例代码,因此我无法给出具体的用法,但可以在 Firebase关于保护用户数据的文档
如果你这样做,一个黑客会做,因为他需要首先认证另一个用户的号码。 (=不可能)
By Using Firebase , all my Logic will be inside the client app . So if someone got my source code by reverse engineering the android app , then he/she can easily change the Firebase References (node names) and can change things of other users and that's not a good thing at all.
My app uses Phone Authentication to authenticate Users . but The hacker can change the reference and then authenticate himself using his phone no and then he is good to go altering someone else's account .
So how to prevent that ?
If I understand you right, you are using firebase database. You shoud read how firebase security rules work. It is possible to let a user only access and modify his own data if the user is authenticated via one of Firebase auth's methods (you mentioned phone auth). As you haven't provide example code, I can't give you a concrete usage, but you can find many examples in the firebase docs about "Securing user data".
If you do it like this, it doesn't matter what a "hacker" would do as he needs to authenticate with another user's number first. (=impossible)
这篇关于我正在开发一个Android应用程序,并使用Firebase作为我的后端的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
