[英]Can the data in my Firebase project be tampered with by reverse engineering my app?
I have an app using Firebase as backend. 我有一个使用Firebase作为后端的应用程序。 Can someone reverse engineer my app to get hold of the code and modify it to access and tamper my database? 有人可以对我的应用程序进行反向工程以获取代码并对其进行修改以访问和篡改我的数据库吗? If so, how can I secure my data against such attacks? 如果是这样,如何保护我的数据免受此类攻击?
Also, is there any other ways that my database can be compromised? 另外,是否还有其他方法可以破坏我的数据库?
What are the best practices to protect my data? 有什么最佳实践来保护我的数据?
To secure your data, you need to use Firebase Database rules: 为了保护您的数据,您需要使用Firebase数据库规则:
Firebase Database Rules are declarative configuration for your database. Firebase数据库规则是数据库的声明性配置。 This means that the rules are defined separately from the product logic. 这意味着规则是与产品逻辑分开定义的。 This has a number of advantages: clients aren't responsible for enforcing security, buggy implementations will not compromise your data, and perhaps most importantly, there is no need for an intermediate referee, such as a server, to protect data from the world. 这具有许多优点:客户端不负责强制执行安全性,错误的实现不会损害您的数据,而且也许最重要的是,不需要中间裁判(例如服务器)来保护数据免受外界攻击。
Example: 例:
{
"rules": {
"users": {
"$user_id": {
// grants write access to the owner of this user account
// whose uid must exactly match the key ($user_id)
".write": "$user_id === auth.uid"
}
}
}
}
more info here: 更多信息在这里:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.