Firebase 安全规则 - Unity

Question

I have not implemented Firebase Auth in my application. So not able to provide security rules to it.As authentication is neccessary for providing read and write rules. Now Firebase is sending Security warnings for it. Is there any way that i can dodge these warnings without implementing Auth in my app? As now it will require many more rework.

Answer 1

I get that it can be annoying to implement rules, but there's really no other way to secure your database. The moment you share your game with anyone, they'll have enough information to write into your Database.

At this point, there are a few things you can do:

1) if you only need to read from the database, you can write something like:

{
    "rules": {
        ".read": true,
        ".write": false
    }
}

And you'd only be able to update it via the console or with the admin SDK (say via Cloud Functions ).

2) Anonymous authentication is really easy to do (effectively three lines of code) and would let you get a little more verbose for your rules. This is the rules I use for a game with anonymous authentication (it's a joke "pig clicker" game mimicking "cow clicker", so you can click on one of your pigs to change its color but other users can only see the color of your pig).

{
  "rules": {
    "pigs": {
      ".read": true,
      ".write": "auth.uid != null"
    },
    ".read": false,
    ".write": false
  }
}

This would make it so you could only write into /pigs/${auth.UserId} , and authentication would be as simple as:

var auth = FirebaseAuth.DefaultInstance;
if (auth.UserId == null) {
    await auth.SignInAnonymouslyAsync();
}

Let me know if that helps!

--Patrick