Firebase(客户端与服务器端)
[英]Firebase (client-side vs server-side)
问题描述
I'm building a PWA with django/python on the server-side and vue on the client-side and want to use firebase as a database as well as make use of the firebase authentication. 
我正在服务器端使用django / python构建PWA,并在客户端构建vue,并希望使用firebase作为数据库以及使用firebase身份验证。
After some thorough research I realised that I had to make a few choices. 经过深入研究后,我意识到我必须做出一些选择。
Question 1: Authentication 问题1:身份验证
- I can do authentication on the client-side or server-side. 我可以在客户端或服务器端进行身份验证。 Which one would be best (more secure) ? 哪一个最好(更安全)?
Question 2: Database 问题2:数据库
- In terms of CRUDS I am a bit conflicted. 在CRUDS方面我有点矛盾。 Do I write all my data to firestore from the client-side? 我是否从客户端将所有数据写入firestore?
- Do I rather use api's to communicate with my backend and then write data to firestore from the backend? 我是否更愿意使用api与后端通信,然后从后端将数据写入firestore? What are the security implications of doing this? 这样做有什么安全隐患?
Should I just use both in terms of context? 我应该在上下文中使用两者吗? If there are no security implications I would do my authentication client-side and my CRUDS from the server-side. 如果没有安全隐患,我会从服务器端执行我的身份验证客户端和我的CRUDS。 I think I would also have to check authentication to write to the database from the backend. 我想我还必须检查身份验证以从后端写入数据库。
1 个解决方案
解决方案1
2 已采纳 2018-10-13 14:02:53
Authentication of a user's credentials should always happen on a server, as it can't be securely done on the client's computer. 用户凭据的身份验证应始终在服务器上进行,因为无法在客户端的计算机上安全地进行。 What Firebase Authentication allows however, is that the authentication runs on Google's servers, while you control it from a simple client-side API call. 然而,Firebase身份验证允许的是,身份验证在Google服务器上运行,而您可以通过简单的客户端API调用来控制身份验证。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.