firebase-security

问题 I have been using firebase chat and firepad for real time functionality in My Web Application which has multiple pages like a forum. I started using the Firebase SimpleLogin too.I am able to login as a user and get the auth object which has the uid,id etc info. 1)Now if the user traverses to another page(i.e a new url(same application) is loaded ),does the authentication persist ? Ofcourse as we are manually doing the authentication by calling ref.login(),how can we know if the user is logged

问题 I am having trouble imagining what the security rules would look like for an application that looks like this: One firebase with multiple chatrooms. A moderator authenticates via a separate PHP application. Moderators only have permission to modify their own chat room, they can read, write, update, and delete anything within their chat room. Guests arrive and authenticate via the separate PHP application. Guests have read and write access, but may not delete anything. My questions right now

问题 I'm using Firebase for my app and was wondering how to block certain users. I see on the Auth tab of the console, there are "delete" and "disable" options. What do those do? I haven't been able to find documentation on that. Will one of those allow me to block a user? What I mean by blocking a user is for the ".read": "auth != null" rule to prevent him from accessing data on the database 回答1: The disable feature consist in preventing that user to authenticate. So if he tries to authenticate

问题 i am building a chat android app that allows users to chat where users can create account and use all the features. It's about to be completed but there's a problem, actually a question. Is firebase on android safe ? In my firebase database, i have created a rule as follow: { "rules": { ".read": "auth != null", ".write": "auth != null" } } Now, this rule will reject any non authenticated users from accessing the data and pushing data or deleting any of it. But, when user creates an account on

问题 I posted a question about this yesterday but I'm creating a new one with more details. Firestore .setData is blocked by update rule not create I've run the simulator and the rules work there. Also when I create the document and change setData in the swift code to update the code works. It appears to only fail when creating the document. But the catch is that when I remove the update rule or simply change it to allow update: if false; the setData (or seen as create by the rules) executes

问题 ^([-+]?)([\d]{1,2})(((\.)(\d+)(,)))(([-+]?)([\d]{1,3})((\.)(\d+))?)$ I am trying to use this regex above to be able to confirm that the data is a valid coordinate. I am having trouble getting this to work with Firebase rules. When i run the regex in an online regex tester, it works okay, but Firebase rules doesn't seem to accept it. Here is my firebase rule: ".validate": "newData.isString() && newData.val().matches(/^([-+]?)([\d]{1,2})(((\.)(\d+)(,)))(([-+]?)([\d]{1,3})((\.)(\d+))?)$/)" Is

问题 ^([-+]?)([\d]{1,2})(((\.)(\d+)(,)))(([-+]?)([\d]{1,3})((\.)(\d+))?)$ I am trying to use this regex above to be able to confirm that the data is a valid coordinate. I am having trouble getting this to work with Firebase rules. When i run the regex in an online regex tester, it works okay, but Firebase rules doesn't seem to accept it. Here is my firebase rule: ".validate": "newData.isString() && newData.val().matches(/^([-+]?)([\d]{1,2})(((\.)(\d+)(,)))(([-+]?)([\d]{1,3})((\.)(\d+))?)$/)" Is

问题 im currently setting up a dialogflow bot (for faq and contact) and the fulfillment / data storage is being done in firebase firestore using google cloud functions (nodejs). Obviously I would like to have security rules, limiting the access to the database to only dialogflow. Could anyone point me in the right direction how I would go about doing this? The examples I found, were all check regarding something stored in the database, which wouldn't work in my case..? 回答1: Security rules are only

问题 Because according to several sources; How to avoid reverse engineering of an APK file? it's impossible to prevent an app from being reverse engineered, and Firebase app tokens are stored in the APK source, how won't attackers get these credentials and destroy a Firebase database? My concern is that there's no controller available to the developer between the native App and Firebase database ( Unless one routes requests from e.g Android App to their own server then to Firebase, which would

问题 Note: This question is tagged polymer because the Polymer library is used to generate the Javascript. This question is about two different but related problems dealing with Firebase security. Problem 1 and Problem 2 seem to suggest opposite realities and opposite results when trying to get the Firebase security rules to work. (FWIW: Here is my prior unsuccessful attempt to write this question.) Here is the live code in a JSBin. http://jsbin.com/hinehoyigo/edit?html,output Problem 1 Firebase