firebase-security

问题 I am getting the error below when testing Firebase authentication We have blocked all requests from this device due to unusual activity. Try again later. How do I fix this without deleting any data? There has to be a way to enable development/testing this stuff. 回答1: You're seeing this error because of sending too many auth requests from or using one IP address for a given period of time. Firebase auth requests are limited for security purposes. In order to avoid this error in the future, I'd

问题 I'm trying to create a website that uses Firebase's databases to store user information. I want to use unique usernames. I have two indexes, one for users and another for usernames. My database is structured like this: users { $uid { username: "username1", gender: "xyz" email: "xyz" } }, usernames { "username1": $uid" } The users claim a username with their $uid. These are my rules: { "rules": { "users": { "$uid": { ".write": "auth !== null && auth.uid === $uid", ".read": "auth !== null &&

问题 I have been struggling to grasp an understanding from recent researching of how to implement to grant different access levels to certain users in my system. I want to be able to grant one user read access and another with read/write referencing their uid. What work is required to implement this? Do I need to restructure my DB and how are my JSON rules structured? UPDATE - Implemented new rules and db structure Current DB reference for store 01 - database = FirebaseDatabase.getInstance()

问题 So I have this db structure: Under profile I want email & provider-name to be readable only for admin and Username readable for every logged in user. How I can achieve that? Here is my rules: { "rules": { "users": { "$uid": { // grants write access to the owner of this user account whose uid must exactly match the key ($uid) ".write": "auth !== null && auth.uid === $uid", "profile": { // grants read access only for registered users ".read": "auth !== null", "email": { // This doesn't work

问题 I am developing a hobby project using Firebase and some Node.JS running on Google App Engine as backend. I am a real newbie in this area, and also just hear about Firebase a month ago. My question relates to how various "things" can be secured from user actions, even though Firebase is running as JS on client-side. I am aware that the DB and Storage can be secured using logical rules - that is in place. My question rather concerns the actions an user can perform with firebase.auth() and

问题 As mentioned here, in the specific scenario of having Groups with private files , it looks like there is really no "good" solution to use Storage Security Rules without using User Claims . There are some workarounds in that thread though, but aren't good solutions for my case. So I was wondering, if I add an UUID as post-fix to the file paths (which I currently do for uniqueness, e.g. groups/{groupId}/images/{imageId}/imageName-{UUID}.png ), could it work as a way of security through

问题 I know there are several questions regarding this (e.g. https://stackoverflow.com/a/52808572/3481904), but I still don't have a good solution for my case. My application has Groups , which are created/removed dynamically, and members (users) can be added/removed at anytime. Each Group has 0..N private files (Firebase Storage), saved in different paths (all having the prefix groups/{groupId}/... ). In Firestore Security Rules, I use get() & exists() to know if the signed-in-user is part of a

问题 I am using Firebase in my android project where every user will have his details stored like name, phone number, video_url, thumbnail_url etc. Now the way I have used it before in my previous projects is as shown in the pic- I did not use the Firebase's auto generated id/Hash but used email id instead. It was easier for me that way. But someone told me that it is unsafe to use emails instead of autogenerated hash/ids and the recommended way is to use hashes. So the question is, is it really

问题 I asked this question about my Firebase implementation. Essentially, I was trying to structure my Firebase database so that I could have a collection of objects, with some users accessing a subset of these objects. In my example, I have tasks. Multiple users will use this database, and per Firebase's suggestion, all the tasks for all users are flattened as children of one parent node. Each user can access their own tasks, indicated by a creatorId in a task object. Perhaps in the future

问题 I've seen that the new Firebase documentation doesn't include the Bolt rules section. Anyone know if they are deprecated or unsupported? 回答1: Bolt is a research only project and learning from the language was incorporated into firebase storage security rules (https://firebase.google.com/docs/storage/security/). There is no official support for bolt. 来源： https://stackoverflow.com/questions/37638885/are-firebase-bolt-rules-deprecated