Firebase安全规则是否会影响用户帐户的创建&认证？ [英] Do Firebase Security Rules affect user account creation & authentication?

问题描述

我想启用电子邮件&我的Firebase数据库上的密码验证。不过，我也想严格地创建帐户，并在服务器上而不是客户端上对用户进行身份验证。我能否简单地将.read设置为false来阻止客户自己创建账户？或者我需要使用自定义身份验证？

I want to enable email & password authentication on my Firebase database. However I also want to strictly create accounts and authenticate users on the server rather than on the client. Can I simply set ".read" to false to prevent clients from creating accounts themselves? Or would I need to use custom authentication?

推荐答案

您无法限制创建Email& Firebase上的密码帐户。您只能限制用户可以读取和写入的数据。一个没有读/写访问权限的用户帐户是无用的。

You cannot restrict the creation of Email & Password accounts on Firebase. You can only limit what data users can read and write. A user account that has no read/write access to any data is pretty useless.

使用自定义身份验证，您确实可以不为任何用户创建JWT想要创建一个帐户。但正如所说：这不会提高数据安全性，这只是意味着这些用户将得到你没有帐户类型的消息，而不是你无法访问这些数据。

With custom authentication you could indeed simply not mint a JWT for users that you don't want to create an account for. But as said: this doesn't improve data security, it just means that those user will get "you don't have an account" type message instead of "you don't have access to this data".

这篇关于Firebase安全规则是否会影响用户帐户的创建&认证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！