将数据写入数据库安全问题
[英]Writing data to database security question
问题描述
I am deving an android app, and i am planning to release it to Google Store when ready.
我正在开发一个 android 应用程序,并计划在准备好后将其发布到 Google Store。 In this app players have balances, i am using Firebase Realtime Database as my database at the moment, which has been serving me well.在这个应用程序中,玩家有余额,我现在使用 Firebase 实时数据库作为我的数据库,这一直很好地为我服务。
I am just wondering that how easily can this kind of code be exploited?我只是想知道这种代码有多容易被利用? Lets see an example:让我们看一个例子:
Here is a really simple write to a user's balance section in Firebase database:这是对 Firebase 数据库中用户余额部分的非常简单的写入:
Code (CSharp):代码(CSharp):
dbreference.Child("Players").Child("someplayername").Child("Balance").SetValueAsync(2000);
How bad is this code in terms of security?这段代码在安全性方面有多糟糕? Can someone "dig in" to this .apk app and simply edit that to a value of their own?有人可以“挖掘”这个 .apk 应用程序并简单地将其编辑为他们自己的值吗? I know i could do this balance add in the back end, but still there has to be SOME value sent from the users client, even if it was a simple ON/OFF boolean, and the back end would handle the rest...我知道我可以在后端添加这个平衡,但仍然必须从用户客户端发送一些值,即使它是一个简单的 ON/OFF 布尔值,后端将处理其余的......
0 个解决方案
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.