问题
If one integrates this config in JS, won't it be a security concern as any one can open the JS file, get access to this details and access my firebase DB?
var config = {
apiKey: "xxxx",
authDomain: "xxx.firebaseapp.com",
databaseURL: "https://xxx.firebaseio.com",
storageBucket: "xxx.appspot.com",
messagingSenderId: "0000"
};
How does one make sure it's secure?
回答1:
That's just so the client can identify your app. Even the apiKey is more like a reference and less like a secret password so don't worry. You can use this to instantiate many apps inside a single file. (see https://firebase.google.com/docs/web/setup)
// Intialize the "[DEFAULT]" App
var mainApp = firebase.intializeApp({ ... });
// Intialize a "Secondary" App
var secondaryApp = firebase.initializeApp({ ... }, "Secondary");
...
mainApp.database().ref("path/to/data").set(value);
secondaryApp.database().ref("path/to/data").set(anotherValue);
Now, the heart of Firebase security are the Firebase Realtime Database Rules. Learn them here: https://firebase.google.com/docs/database/security/
The Firebase Realtime Database Rules are expressed in a JSON-like format, so you should be creating some for yourself in no time!
来源:https://stackoverflow.com/questions/39673620/need-help-in-understanding-firebase-config-security