将数据写入数据库安全问题
我正在为一个Android应用程序进行保存,并计划在准备就绪时将其发布到Google Store。 在这个应用程序播放器中,我正在使用Firebase实时数据库作为我的数据库,这对我来说很好。
我只是想知道这种代码如何被利用多么容易?让我们看看一个示例:
这是一个非常简单的写入firebase数据库中的用户余额部分:
代码(csharp):
dbreference.Child("Players").Child("someplayername").Child("Balance").SetValueAsync(2000);
在安全性方面,该代码有多糟糕?有人可以“挖掘”此.APK应用程序并将其简单地编辑为自己的值?我知道我可以在后端进行这种余额,但是即使是简单的开/关布尔值,仍然必须从用户客户端发送一些值,而后端可以处理其余的...
I am deving an android app, and i am planning to release it to Google Store when ready.
In this app players have balances, i am using Firebase Realtime Database as my database at the moment, which has been serving me well.
I am just wondering that how easily can this kind of code be exploited? Lets see an example:
Here is a really simple write to a user's balance section in Firebase database:
Code (CSharp):
dbreference.Child("Players").Child("someplayername").Child("Balance").SetValueAsync(2000);
How bad is this code in terms of security? Can someone "dig in" to this .apk app and simply edit that to a value of their own? I know i could do this balance add in the back end, but still there has to be SOME value sent from the users client, even if it was a simple ON/OFF boolean, and the back end would handle the rest...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论