Android中Firebase本地数据库的安全性如何？ [英] How Secure is Firebase Local Database in Android?

问题描述

我打算将我的本地和在线数据库切换到Firebase作为我的Android应用程序。根据文档， Firebase会将更改存储到本地数据库，然后在网络可用时将其推送到在线数据库。 在我的应用程序，我会在数据库中放入一些关于用户的非常敏感的数据。所以这里是我的问题，

1. 本地Firebase数据库的安全程度如何？




2. 这是一个善意的黑客用正确的工具来破解它有多困难？

它只是一个简单的JSON文件就像在线数据库一样，任何拥有超级用户权限的人都可以打开？ b
一般来说，Firebase实时数据库可以在离线时使用。然而，期望的是应用程序应该大部分时间连接，并且在连接时脱机时发生的数据库更改将被同步。 100％离线使用并不是真正的支持用例，因为规范数据存储位于服务器上。




数据库的本地副本仅限于（10MB，at至少在Android上是这样的）。如果您打算在脱机状态下写入超出此限制的数据库，它将逐出部分缓存数据，为您添加的任何内容腾出空间。然后，你将不能再读取这些被驱逐的值，直到应用程序重新上线。更糟糕的是，管理越来越多的写入申请，当返回在线是应用程序的税收，所以你不想在脱机时计划大量的写入。





另外，如果您有为数据库定义的权限或验证，则只能在服务器上进行检查。所以，如果你正在脱机写本地缓存，并且你不再有一个活跃的监听器，那么你可能永远不会知道这些写操作是否失败。



由于这些警告，最好不要将Firebase实时数据库视为离线数据库。



最好把它看作是一个同步的数据库，在服务器连接存在的时候同步到服务器。

I am planning to switch to Firebase as my local and online database for my Android app. As per the docs, Firebase stores changes to the local database first and then pushed it to the online DB when network is available.

In my app, I would be putting some really sensitive data about the user in the database. So here are my questions,

1. How secure is the local Firebase database?

2. How difficult is it for a well-intentioned hacker with the right tools to hack it?

3. Is it just a simple JSON file like the online database, which anyone with root access can open?

Thanks.

解决方案

In a general sense, Firebase Realtime Database can be used while offline. However, the expectation is that the app is supposed to be connected most of the time, and changes to the database that happen while offline will be synchronized when it has connectivity. 100% offline use is not really a supported use case, because the canonical data store is on the server.

The local copy of the database is limited to (10MB, at least on Android this is the case). If you intend to write to the database beyond this limit while offline, it will evict part of your cached data to make room for whatever you’re adding. Then, you will no longer be able to read those evicted values until the app goes back online. Worse, managing a growing list of writes to apply when back online is taxing on the app, so you don’t want to plan a lot of writes while offline.

Also, if you have permissions or validations defined for your database, these can only be checked on the server. So, if you’re doing offline writing to your local cache and you no longer have an active listener, you may never know if those writes fail.

Because of these caveats, it’s better not to think of Firebase Realtime Database as an "offline" database. It’s better to think of it as a "synchronized" database that actively syncs to the server while connectivity is present.

这篇关于Android中Firebase本地数据库的安全性如何？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！