当离线模式处于活动状态时,react-native-firebase 是否安全?
[英]Is react-native-firebase secure when offline mode is active?
问题描述
Where the firebase offline data stored, Is that secure? 
Firebase 离线数据存储在哪里,是否安全? I have some important id like UID which it is available in all user messages ( online, offline ), and actually in firebase security rule I have to check only that.我有一些重要的 ID,比如 UID,它在所有用户消息( online, offline )中都可用,实际上在 firebase 安全规则中我只需要检查它。
I tried to encrypt it, but I faced with decryption in firebase security rule, because there was not any decryption possibilities, so how can I secure the offline data which is available on users phone.我试图加密它,但我在 firebase 安全规则中面临解密,因为没有任何解密的可能性,所以我如何保护用户手机上可用的离线数据。
1 个解决方案
解决方案1
1 2020-02-21 18:39:05
First off: UIDs are not secrets, so in general you can freely share them with other users of the app.首先:UID 不是秘密,因此通常您可以自由地与应用程序的其他用户共享它们。 In fact, that is often necessary to make a meaningful app.事实上,这通常是制作有意义的应用程序所必需的。 See Firebase - Is auth.uid a shared secret?请参阅Firebase - auth.uid 是共享机密吗?
You'll want to always ensure you check any values written and read against the request.auth.uid value, which is automatically populated by Firebase.您需要始终确保根据request.auth.uid值检查写入和读取的任何值,该值由 Firebase 自动填充。 This value comes from the ID token that is sent with each request, and cannot be spoofed by a user.此值来自随每个请求一起发送的 ID 令牌,并且不能被用户欺骗。
Writes to the local cache are not immediately checked against your database's security rules, since those are only enforced once the write reaches the server.不会立即根据数据库的安全规则检查对本地缓存的写入,因为只有在写入到达服务器后才会强制执行这些规则。 But that typically doesn't matter, since it just means that a local user can spoof the data they write to their own cache.但这通常无关紧要,因为这只是意味着本地用户可以欺骗他们写入自己缓存的数据。 If they write something with a different UID there, it'll be rejected once your server-side security rules see the operation.如果他们在那里用不同的 UID 写一些东西,一旦你的服务器端安全规则看到操作,它就会被拒绝。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.