太容易删除整个数据库 [英] Too easy to delete whole database

问题描述

有没有办法保护数据库免受删除？我的意思是点击根节点旁边的x非常容易。这会破坏整个应用程序，并造成一个很大的混乱处理。

如何处理这个脆弱？

<我们假设我有两个Firebase帐户：一个用于测试，一个用于已启动的应用程序。我经常登录和使用另一个。在测试帐户上，我定期删除整个节点。激活的密码保护功能可以避免两个帐户之间非常昂贵的混淆。

您的项目的控制台，用户被认为是数据库的管理员。这意味着他们可以对他们想要的数据库执行任何写入操作，而不是绑定到您的安全规则。

作为开发人员，您可能经常使用这个事实来更改你的数据结构，同时开发应用程序。对于应用程序管理员，您应该创建一个自定义管理仪表板，他们只能执行您的代码允许的操作。

方法来删除特定的权限，例如限制他们可以删除的数据量。这可能是一个有用的功能请求，所以我建议在此处张贴。但目前，如果您不信任用户对您的数据足够小心，则不应该让他们访问控制台。正如特拉维斯所说：设置备份可能是解决这种焦虑的好方法。

Is there a way to protect the database from deletion? I mean it's very easy to click on the "x" next to the root node. This would destroy the whole app and cause an enourmous mess to deal with.

How to deal with this fragility?

EDIT:

Let's assume I have two firebase accounts: one for testing and one for the launched app. I regularly log in and out to use the other one. On the test account I delete whole nodes on a regular basis. An activated password protection would avoid a very expensive confusion of the two accounts.

解决方案

If you give a user edit access to the Firebase Console of your project, the user is assumed to be an administrator of the database. This means they can perform any write operation to the database they want and are not tied to your security rules.

As a developer you probably often use this fact to make changes to your data structure while developing the app. For application administrators, you should probably create a custom administrative dashboard, where they can only perform the actions that your code allows.

There is no way to remove specific permissions, such as limiting the amount of data they can remove. It could be a useful feature request, so I suggest posting it here. But at the moment: if you don't trust users to be careful enough with your data, you should not give them access to the console.

As Travis said: setting up backups may be a good way to counter some of this anxiety.

这篇关于太容易删除整个数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！