firebase-security

问题 Say I generated an authentication token, and to save on processing and remote calls, I've set it's expiration data some 30 days in the future. Now I want to remove this account from my system, is there a way to revoke the authentication token I have given the client? I don't think that's possible currently, and I can certainly work around that (by not having such high expiration times mostly), but I just wanted to make sure I didn't miss something in the docs. 回答1: You can't really revoke

问题 I'm creating an application which lets users create items and then allow other users to subscribe to those items. I'm struggling to craft a rule that will prevent users from subscribing more than once to an item. Here is an example of my data structure (anonymized, hence the "OMITTED" values): { "OMITTED" : { "name" : "Second", "body" : "this is another", "userName" : "Some User", "userId" : "OMITTED", "created" : 1385602708464, "subscribers" : { "OMITTED" : { "userName" : "Some User",

问题 I want users to be able to create a message (with contact form), but not allow them to read or update. I am adding a new contact as follows: app.firestore().collection("messages").add({ name: this.state.name, subject: this.state.subject, message: this.state.message}); With the following security rules this is allowed: match /messages/{message}{ allow read, delete: if request.auth.uid=="<SOME_ID>"; allow create: if true; } But when I add an update rule like below, I get an unsufficient

问题 Currently I'm designing an application in Swift 3.0 that will be used by a small group up to 100 users. Users will register through a simple registration form using email id and password but Admin will have to approve or reject the user registration request manually. Workflow I can think of is if a user register, admin will get some notification or email that a new user registration request is there and then when admin approve or rejects the user registration request and user will get a email

问题 My firebase database looks like this "students" : { "firebase_key_1" : { "Name" : "blah blah", "Address" : "blah blah", "Roll No" : "blah blah", "Marks" : { "Sub1" : "blah", "Sub2" : "blah", "Sub3" : "blah", "Total" : "Total", }, "class" : "blah blah", "Transportation" : "blah blah", "Department" : "blah blah", }, "firebase_key_2" : { "Name" : "blah blah", "Address" : "blah blah", "Roll No" : "blah blah", "Marks" : { "Sub1" : "blah", "Sub2" : "blah", "Sub3" : "blah", "Total" : "Total", },

问题 I got an email from: saying: (console.cloud.google.com) We noticed that your Google Cloud Project has open project firewalls. This could make your instance vulnerable to compromises since anyone on the internet can access and establish a connection to the instance. The following project has open firewalls: Playchat (ID: playchat-4cc1d) Google Cloud Platform provides the flexibility for you to configure your project to your specific needs. We recommend updating your settings to only allow

问题 Say I have data like so: users{ $authId: { name:"", propertiesById:{ uniqueId1:true, uniqueId2:true } } }, properties:{ uniqueId1:{ key:val }, uniqueId2:{ key:val } } Assuming that I have the proper rules in place for users to be able to only read/write their own user object, how do I go about reading my properties safely? I know that in rules, I can go to root, find the user object and ensure that the property that I'm trying to read exists in the propertiesById, but that seems like it would

问题 Say I have data like so: users{ $authId: { name:"", propertiesById:{ uniqueId1:true, uniqueId2:true } } }, properties:{ uniqueId1:{ key:val }, uniqueId2:{ key:val } } Assuming that I have the proper rules in place for users to be able to only read/write their own user object, how do I go about reading my properties safely? I know that in rules, I can go to root, find the user object and ensure that the property that I'm trying to read exists in the propertiesById, but that seems like it would

问题 Doing CRUD in firebase is pretty easy and neat IMO. But I am confuse on how to protect the whole database. So I have this database rules : { "rules": { ".read": "auth != null", ".write": "auth != null", } } Let's say I have a bunch of data on my database. If the user is not yet authenticated this code firebase.database().ref('/').set(null) is replying a permission_denied error which is normal. But the problem is once a certain user logs in and gets authenticated, this code firebase.database()

问题 I have simple AngularJS app and using Firebase OpenAuth for user authentication. Here is a sample code from plunkr. [http://plnkr.co/edit/ZVfkaJF0g3E5u63J7uHx?p=preview][1] I have to click twice to authData from Google. I don't understand, why I can't get the data on the first click. 回答1: You need to apply digest cycle after receiving an event. $rootScope.$auth.$onAuth(function(authData){ $rootScope.authData = authData; $scope.$apply(); }); Forked Plunkr 来源： https://stackoverflow.com