在实时数据库(Firebase)上存储API密钥 [英] Storing API keys on the Realtime Database (Firebase)
问题描述
另外,如果你有什么建议,我更愿意实现它们:D在数据库中存储密钥仍然需要用户可以访问它。D
因此,尽管检索的难度比较高,但恶意用户仍然可以检索到。
服务器端密钥不应该用在客户端代码中。
My android app requires using the Google Place Search API but since it's not available for android, I'll have to call the Web API. I've considered using Cloud Functions but that's too expensive and can be done for a lot less if done locally on each client. The problem is storing the API key on the user's devices as it can be easily retrieved. Thus is it safe if I store the key on the RT DB and reference it only when needed?
Also, if you have suggestions, I'd me more than happy to implement them :D
Storing the key in the database still requires that users can access it. So while it's one level more effort to retrieve, malicious users will still be able to retrieve it.
A server-side key should simply not be used in client-side code.
这篇关于在实时数据库(Firebase)上存储API密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!