使用Firebase身份验证,但需要提高安全性
[英]Using Firebase Authentication but need to improve security
问题描述
I am a final year student and currently have an application that uses Firebase in order to process login requests. 
我是大一学生,目前有一个使用Firebase的应用程序来处理登录请求。 I have a sign-up activity and a login activity. 我有一个注册活动和一个登录活动。 Currently, I have one account registered on Firebase and use it with my testing. 目前,我在Firebase上注册了一个帐户,并将其用于测试。 I have came to the part of my report that asks about the security aspects I have considered and the app that I have developed when accessed it will show all the data no matter who is logged in. 我来到了报告的一部分,询问我考虑过的安全性方面以及访问时开发的应用程序,无论谁登录,它都会显示所有数据。
Is there any way that I can improve this or how secure is Firebase Authentication? 有什么方法可以改善此问题,或者Firebase身份验证的安全性如何?
1 个解决方案
解决方案1
2 2019-04-08 18:55:43
The Firebase authentication will enable you to let users login using either password, Google sign, Facebook, yahoo, Microsoft, etc.. 通过Firebase身份验证,您可以让用户使用密码,Google登录,Facebook,雅虎,微软等登录。
All the details regarding a user are stored securely in the Firebase servers. 有关用户的所有详细信息都安全地存储在Firebase服务器中。 In your case, you need to determine if the user is logged so he can see any data and you shouldn't show any data to the user unless he is authenticated. 在您的情况下,您需要确定用户是否已登录,以便他可以看到任何数据,并且除非该用户已通过身份验证,否则不应向该用户显示任何数据。
The other solution is to use firebase database and create different parent nodes, example a node called teachers that will contain list of teachers, then you can add the teacher's name as an attribute under a class node and you will be able to retrieve all the classes that the teacher is teaching. 另一种解决方案是使用firebase数据库并创建不同的父节点,例如一个名为teachers的节点,其中将包含教师列表,然后您可以将教师的姓名作为属性添加到班级节点下,并且可以检索所有班级老师在教书。
Thus, only retrieving data related to that specific user. 因此,仅检索与该特定用户有关的数据。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.