【问题标题】:What should I do if a Firebase security rule letter arrives? [duplicate]如果收到 Firebase 安全规则信函,我该怎么办? [复制]
【发布时间】:2020-05-26 06:16:13
【问题描述】:

到达邮件需要做什么?

规则:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // This rule allows anyone on the internet to view, edit, and delete
    // all data in your Firestore database. It is useful for getting
    // started, but it is configured to expire after 30 days because it
    // leaves your app open to attackers. At that time, all client
    // requests to your Firestore database will be denied.
    //
    // Make sure to write security rules for your app before that time, or else
    // your app will lose access to your Firestore database
    match /{document=**} {
      allow read, write: if request.time < timestamp.date(2020, 2, 15);
    }
  }
}

值得担心吗?如果什么都不做,这会破坏应用程序吗?

【问题讨论】:

    标签: firebase google-cloud-firestore firebase-security


    【解决方案1】:

    您的安全规则设置为在规则中指定的日期拒绝对您的数据库的所有访问:

    timestamp.date(2020, 2, 15)
    

    现在是 2020 年 2 月 15 日。这可能会使您的应用停止工作。

    如果你愿意,你可以把日期往回调,但你绝对应该实施适当的规则,这样你的数据库就不会被任何有互联网连接的人读写。

    【讨论】:

      猜你喜欢
      • 2013-12-17
      • 1970-01-01
      • 1970-01-01
      • 2016-05-17
      • 1970-01-01
      • 2019-12-30
      • 2022-07-25
      • 2017-08-07
      相关资源
      最近更新 更多