How can I allow my Unity app access to a Firebase realtime Database without user accounts and without public access?
Question
I am using the Firebase Unity SDK (5.4.3). I need the app to access a Realtime Database. Everything works fine when I have access configured to public, but I need to secure the database so it can only be read/modified through the app.
I followed the instructions here: https://firebase.google.com/docs/database/unity/start for allowing the Editor to "configure the SDK to use a service account to run in the Unity Editor." This allows the Unity editor to access the database, but this does not work on device. There are instructions for authenticating users, but I do not want any sort of log in in the app.
In short, how can I allow access through the app but disallow access outside of the app. Can I use a service account on device and how do I configure that?
Thank you.
2 answers
solution1
1 ACCPTED 2019-01-08 22:00:17
As said by Doug Stevenson it is not possible; you either have a public login or a restricted one with authentication.
However I would Simply have one dedicated user like myUnityAppUser with a password like eg 123456 somewhere defined in a script or maybe an additional encryption file somewhere.
Then do the login automatically without user interaction -> send userName+password. The password could still be encrypted etc but this can all be handled by the App itself without you actively doing the login Everytime
Than you make a usual login like eg ( Source )
public void Login(string email, string password)
{
auth.SignInWithEmailAndPasswordAsync(email, password).ContinueWith(task =>
{
if (task.IsCanceled)
{
Debug.LogError("SignInWithEmailAndPasswordAsync canceled.");
return;
}
if (task.IsFaulted)
{
Debug.LogError("SignInWithEmailAndPasswordAsync error: " + task.Exception);
if (task.Exception.InnerExceptions.Count > 0)
UpdateErrorMessage(task.Exception.InnerExceptions[0].Message);
return;
}
FirebaseUser user = task.Result;
Debug.LogFormat("User signed in successfully: {0} ({1})",
user.DisplayName, user.UserId);
SceneManager.LoadScene("LoginResults");
});
}
Now somewhere in your app you simply call
Login ("myUnityAppUset@some.email", "123456");
with the somehow somewhere "hardcoded" (maybe encrypted?) credentials.
Note that it is still possible that someone decompiles the app and can cheat again.
solution2
0 2019-01-08 20:54:18
This is not possible. If you want to restrict who or what can access your Realtime Database (and Cloud Storage, and Firestore), you will need to use Firebase Authentication, and write security rules that lock down access to only users who have logged into your app/game.
Without Firebase Authentication in use, the only access to your database will essentially be public - by anyone who knows the name of your project. Anyone can find out the name of your project simply by reverse engineering your app/game and pulling the configuration information out of it. That configuration information is not private - it is also essentially public information.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.