admin管理员组

文章数量:1415145

I have a very simple Firebase app that is being read and written to via JavaScript all on the client-side. There are no user accounts or server-side applications on my end.

Right now, anyone looking at my JavaScript can copy my Firebase URL and have full read/write access permissions.

Is there any easy way for me to secure this somehow considering I'm doing everything on the client side?

I'm having trouble understanding their documentation and how I can solve this use case.

I have a very simple Firebase app that is being read and written to via JavaScript all on the client-side. There are no user accounts or server-side applications on my end.

Right now, anyone looking at my JavaScript can copy my Firebase URL and have full read/write access permissions.

Is there any easy way for me to secure this somehow considering I'm doing everything on the client side?

I'm having trouble understanding their documentation and how I can solve this use case.

  • javascript
  • firebase
  • firebase-security
Share Improve this question asked Sep 4, 2015 at 16:58 RalphRalph 5171 gold badge6 silver badges16 bronze badges 1
  • Security rules! firebase./docs/security – Kato Commented Sep 4, 2015 at 18:58
Add a ment  | 

1 Answer 1

Reset to default 9

Data access is managed through Firebase's security rules language, that you can find in the Security & Rules tab of your Firebase dashboard.

When you create a new Firebase backend for an app, it defaults to allowing full read/write to everyone. 

{
    "rules": {
        ".read": true,
        ".write": true
    }
}

The simplest possible change is to allow everyone to read, but no-one to write:

{
    "rules": {
        ".read": true,
        ".write": false
    }
}

This way you can only make changes to the data when you're an administrator, i.e. when you're using the Firebase dashboard.

The Firebase documentation has an entire section dedicated to securing your data.

本文标签: javascriptHow can I secure Firebase with an all clientside implementationStack Overflow

版权声明:本文标题:javascript - How can I secure Firebase with an all client-side implementation? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745215988a2648168.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。