Securing Firebase rules

Posted 2025-01-23 10:56:24 · 535 characters · 0 views · 0 comments


I have edited the rules in my firebase real-time database as follows:

{
  "rules": {
    "poyntkds": {
      "kdsOrderStatus": {
        "$uid": {
          ".read": "$uid === $uid",
          ".write": "$uid === $uid"
        },
        ".indexOn": ["id", "forDate"]
      }
    }
  }
}

I think by doing this I am allowing only the particular merchant ($uid) to have access to write/read his data. But still, I am getting emails that the Firebase rules are not secure. Is there a better way to improve the security of my database?



Comments (1)

影子的影子 2025-01-30 10:56:24


"$uid === $uid" will always be true because it just checks whether the key of the data a user is trying to access is equal to itself, and hence it's insecure. If you are trying to check whether that key is equal to the user's UID, then try the following rules:

{
  "rules": {
    "poyntkds": {
      "kdsOrderStatus": {
        "$uid": {
          ".read": "$uid === auth.uid",
          ".write": "$uid === auth.uid"
        },
        ".indexOn": ["id", "forDate"]
      }
    }
  }
}

These rules will allow read/write only when $uid is the same as the user's UID and hence are secure. You can read more about security rules in the documentation.
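As an added example (not code from the original question or the answer above), the JavaScript below models how Firebase Realtime Database rules bind the `$uid` wildcard to a path segment and evaluate `.read`/`.write` expressions, then runs both rule sets from this thread against the same requests. The evaluator is a deliberately simplified model of Firebase's engine written for this page: it assumes that a rule expression which throws (for example `auth.uid` when `auth` is null for an unauthenticated request) denies access, and the merchant IDs, paths and `auth` objects are constructed for the demo.

```javascript
// Added example, not from the original post: a minimal model of how Firebase
// Realtime Database rules bind "$" wildcards and evaluate ".read"/".write"
// expressions. It shows why "$uid === $uid" lets anyone read any merchant's
// data while "$uid === auth.uid" restricts it to the owner.
// The evaluator simplifies Firebase's real engine; rule sets, paths and
// user IDs below are constructed for the demo.

const insecureRules = {
  rules: {
    poyntkds: {
      kdsOrderStatus: {
        $uid: { ".read": "$uid === $uid", ".write": "$uid === $uid" },
        ".indexOn": ["id", "forDate"],
      },
    },
  },
};

const fixedRules = {
  rules: {
    poyntkds: {
      kdsOrderStatus: {
        $uid: { ".read": "$uid === auth.uid", ".write": "$uid === auth.uid" },
        ".indexOn": ["id", "forDate"],
      },
    },
  },
};

// Evaluate one rule expression with the captured wildcard variables and the
// request's auth object in scope. A runtime error (e.g. reading auth.uid when
// auth is null for an unauthenticated request) is treated as "deny"; that is
// this model's assumption about how a failing rule should behave.
function evalRule(expr, vars, auth) {
  const names = Object.keys(vars);
  try {
    const fn = new Function(...names, "auth", `return (${expr});`);
    return fn(...names.map((n) => vars[n]), auth) === true;
  } catch (e) {
    return false;
  }
}

// Walk the rules tree along `path` (e.g. "/poyntkds/kdsOrderStatus/merchantA"),
// binding "$name" wildcards to the matching path segment. Rules cascade:
// a ".read"/".write" that is true at any node on the way to the target grants
// access to the target and everything below it; nothing deeper can revoke it.
function canAccess(rulesDoc, op, path, auth) {
  const key = op === "read" ? ".read" : ".write";
  const segments = path.split("/").filter(Boolean);
  let node = rulesDoc.rules;
  const vars = {};
  const check = () =>
    !!node && typeof node[key] === "string" && evalRule(node[key], vars, auth);
  if (check()) return true;
  for (const seg of segments) {
    if (!node || typeof node !== "object") return false;
    let next = node[seg];
    if (next === undefined) {
      const wildcard = Object.keys(node).find((k) => k.startsWith("$"));
      if (!wildcard) return false;
      vars[wildcard] = seg;
      next = node[wildcard];
    }
    node = next;
    if (check()) return true;
  }
  return false;
}

// Three clients read merchant A's orders: merchant A, merchant B, and an
// unauthenticated client (auth === null). "parentListing" is an attempt to
// read the whole kdsOrderStatus collection at once.
function demo() {
  const target = "/poyntkds/kdsOrderStatus/merchantA";
  const parent = "/poyntkds/kdsOrderStatus";
  const owner = { uid: "merchantA" };
  const other = { uid: "merchantB" };
  const run = (rules) => ({
    owner: canAccess(rules, "read", target, owner),
    other: canAccess(rules, "read", target, other),
    anonymous: canAccess(rules, "read", target, null),
    parentListing: canAccess(rules, "read", parent, owner),
  });
  return { insecure: run(insecureRules), fixed: run(fixedRules) };
}

console.log(JSON.stringify(demo(), null, 2));
```

Run it with `node`. Under the original rules every request that names a merchant key is allowed, including one from another merchant and one from an unauthenticated client, because the expression never consults `auth`; under the corrected rules only a request whose `auth.uid` matches the key passes. Neither rule set lets a client list the whole `kdsOrderStatus` node, since no `.read` is defined above `$uid`. Verify real rules with the Rules Playground in the Firebase console or the Realtime Database emulator rather than with a model like this one.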
