保持firebase数据安全 [英] Keeping firebase data secure
问题描述
如果规则是:
//这些规则需要认证
{
rules:{
.read:auth!= null,
.write:auth! = null
}
这种规则允许完整的读取写入您的应用的已通过身份验证的用户的访问权限。换句话说,经过身份验证的用户可以访问数据库中的所有数据,而不会发生任何黑客行为。
如果您设置了类似于此规则的内容:
pre $ $ $ b $$ user $$ {$ b $$ user $$ { /授予对此用户帐户的所有者的写入权限
//其uid必须与该密钥完全匹配($ user_id)
.write:$ user_id === auth.uid$ b $它允许写访问权限,它允许用户访问数据库中的数据。到这个用户帐户的所有者,但只有这个数据。
这意味着你必须设置规则,以获得您的数据中的每个节点所需的结果。 / p>
So the last thing I want is anyone accessing the database that isn't supposed to. Users on my app create an account which has a key and children in my database (an easy to acces user profile) and it also makes an auth account. The rules of the database state that only authenticated users can access the database. Is it possible for someone who is authenticated to somehow access the rest of the database (through hacking maybe)? This is my first app using firebase and I want to make sure that user information will be protected.
It depends by your rules.
If the rule is:
// These rules require authentication
{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}
This kind of rule allows full read and write access to authenticated users of your app. In other words an authenticated user can access all the data in the database without any hacking.
If you set something similar to this rule:
{
"rules": {
"users": {
"$user_id": {
// grants write access to the owner of this user account
// whose uid must exactly match the key ($user_id)
".write": "$user_id === auth.uid"
}
}
}
}
it grants write access to the owner of this user account but only of this data.
It means that you have to set the rules to obtain the wanted result for each nodes in your data.
这篇关于保持firebase数据安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!