防止滥用:Firebase的云端功能 [英] Preventing Abuse: Cloud Functions for Firebase
本文介绍了防止滥用:Firebase的云端功能的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
一些想法:
- 使用 RTDB 或云端存储触发器尽可能多,因为对这些产品的写入受到这些产品的安全规则的保护
- 将功能置于诸如 Cloudflare 之类的服务之后
- 设置结算提醒,如果每月账单非常大,则会发送通知
解决方案
查看我的答案此处。
我的答案中有短暂的细目:
- 限制请求类型
-
- 检查原始地址
- 在
- 之间使用负载平衡器像 Cloudflare Page Rules
希望它有帮助:)
What is the best way to stop an attacker from triggering a Cloud Function repeatedly, causing a huge bill or causing the project to run into quota limits?
Some ideas:
- Use RTDB or Cloud Storage triggers as much as possible, since writes to those are protected by those products' security rules
- Put functions behind a service like Cloudflare
- Set up billing alerts, so a notification is sent if the monthly bill is unusually large
解决方案
Check my answer here.
Short breakdown of items from my answer :
- Limit the type of requests
- Authenticate if you can
- Check for origin
- Use a load balancer in between
- Use something like Cloudflare Page Rules
Hope it helps :)
这篇关于防止滥用:Firebase的云端功能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
