[英]How to Secure Firebase in client side Javascript
I am using Firebase with Ruby on Rails (4.0.3). 我将Firebase与Ruby on Rails(4.0.3)一起使用。 The Client side JS is listening for events on a particular URL. 客户端JS正在侦听特定URL上的事件。 Obviously, the URL is visible to the client, and adding any token based authentication is useless since that'd be visible too. 显然,URL对客户端是可见的,并且添加任何基于令牌的身份验证都是无用的,因为这也是可见的。 Whats the way around this? 怎么办呢?
Firebase supports a system of security rules that define who can read or write information in your Firebase. Firebase支持一个安全规则系统,该规则定义了谁可以读取或写入Firebase中的信息。 You define them by writing json like this: 您可以通过编写json来定义它们,如下所示:
{
"rules": {
"foo": {
// /foo/ is readable by the world
".read": true,
// /foo/ is writable by the world
".write": true,
// data written to /foo/ must be a string less than 100 characters
".validate": "newData.isString() && newData.val().length < 100"
}
}
}
There's a whole lot more to this topic than is appropriate to put in a Stack Overflow answer, so please check out Firebase's official documentation on security . 关于这个问题,除了要提出Stack Overflow答案之外,还有很多其他内容,因此请查阅Firebase的安全性官方文档 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.