如何防止apikey，域和url在firebase angularjs中显示给应用用户 [英] How to prevent apikey, domain and url to show to app user in firebase angularjs

问题描述

要使用firebase - 在web项目firebase doc说我们需要在java脚本文件中添加配置。像这样：

 < script> 
 //初始化Firebase 
 var config = {
 apiKey：<您的密钥值>，
 authDomain：<您的域值> 
 databaseURL：< url值>，
 storageBucket：<桶值>，
}; 
 firebase.initializeApp（config）; 
< / script> 
  

我的问题是：这不是安全漏洞吗？任何人都可以右键单击页面，并在浏览器中单击查看源代码，并可以看到所有这些值？

请纠正我，如果我错了或误解用法/任何事情？

解决方案

来自Firebase Auth团队的Alfonso。 不用担心，所有这些价值观都是公开的。我们的反滥用检查是在服务器端执行的，如果有人通过查看您网站的来源读取您的配置值，则没有安全漏洞。

To use firebase - in web project firebase doc says we need to add config in java script file. Like this:

<script>
        // Initialize Firebase
        var config = {
            apiKey: <your key value>,
            authDomain: <your domain value>,
            databaseURL: <url value>,
            storageBucket: <bucket value>,
        };
        firebase.initializeApp(config);
    </script>

My question: is this not an security hole? Any one can right click on page, and click on "view source code" in browser and can see all these values?

Please correct me, if i am wrong or misunderstood Usage/any thing?

解决方案

Alfonso from the Firebase Auth team.

You don't need to worry, all of these values are meant to be public. Our anti abuse checks are performed in the server side, and there is no security hole if someone reads your config values from viewing your site's source.

这篇关于如何防止apikey，域和url在firebase angularjs中显示给应用用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！