firebase-security

问题 Firebase offers 'Simple Login' in which email/password is used for authentication. Does anyone know if firebase salts and hashes the password before storing it? I imagine that firebase would know enough to do so, but I just wanted to make sure, because I could not find anything on this after an hour of searching. Anticipated follow up: If firebase in fact does not salt+hash the passwords, would the Simple Login work if I took the user's password, salted+hashed, and passed it onto firebase to

问题 Firebase offers 'Simple Login' in which email/password is used for authentication. Does anyone know if firebase salts and hashes the password before storing it? I imagine that firebase would know enough to do so, but I just wanted to make sure, because I could not find anything on this after an hour of searching. Anticipated follow up: If firebase in fact does not salt+hash the passwords, would the Simple Login work if I took the user's password, salted+hashed, and passed it onto firebase to

问题 Firebase offers 'Simple Login' in which email/password is used for authentication. Does anyone know if firebase salts and hashes the password before storing it? I imagine that firebase would know enough to do so, but I just wanted to make sure, because I could not find anything on this after an hour of searching. Anticipated follow up: If firebase in fact does not salt+hash the passwords, would the Simple Login work if I took the user's password, salted+hashed, and passed it onto firebase to

问题 I have a code in Firestore security rules like this (showing only relevant parts): match /users/{userId} { function isUserDisabled(userId) { return get(/databases/$(database)/documents/users/$(userId)) .data.admin == true; } allow read: if true; allow write: if request.auth.uid == userId && !isUserDisabled(userId); match /posts/{postId} { allow read: if true; allow write: if request.auth.uid == userId && !isUserDisabled(userId); } } isUserDislabled() is a function that will be called in

问题 I have studied the answer to this question (which has an extremely similar title): Per field rules in Firestore Security Rules. The solution in that case was to make a field unmodifiable, I do not think that is what I am after here. I have a posts collection with a data structure as follows. { uid: string, // this is the original poster's UID title: string, content: string, likesCount: number, likerUIDs: string[] } I would like to restrict writes to the title and content fields to users with

问题 I know this question has been frequently asked, however the solutions proposed did not solve it for me. I tried to set-up a basic iOS Firestore app which writes some documents inside a collection. I followed the standard procedure, added the GoogleService-Info.plist to my project and I'm calling `FirebaseApp.configure() on launch. My Firestore rules look like this: service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read, write: if request.auth !=

问题 I know this question has been frequently asked, however the solutions proposed did not solve it for me. I tried to set-up a basic iOS Firestore app which writes some documents inside a collection. I followed the standard procedure, added the GoogleService-Info.plist to my project and I'm calling `FirebaseApp.configure() on launch. My Firestore rules look like this: service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read, write: if request.auth !=

问题 My Firebase web app requires administrator access, i.e., the UI should show a few things only for admins (an 'administrator' section). I came up with the below as a means to authorize the UI to display the admin section for valid admins only. My question is, good or bad? Is this a sound means of authorizing? ...so many ways to do this. This particular way requires me to configure admins in the security rules (vs in a node/tree in a db/firestore) My idea is that if the .get() fails due to

问题 consider this data structure referenced on the Firebase quick start guide (here) {"name": {"first": "Fred","last": "Flintstone"} The docs say that one can access the datasnapshot location of each child object of "name" returned from a query using: var ref = new Firebase("https://docs-examples.firebaseio.com/samplechat/users/fred"); ref.once("value", function(snapshot) { var nameSnapshot = snapshot.child("name"); var name = nameSnapshot.val(); name === { first: "Fred", last: "Flintstone"} var

问题 I want to define a rule that allows a user only to update his own items and an admin to update all. As uid_of_logged_in_administrator I should be able to update both items/item__1 and items/item__2 - this works. As uid_of_logged_in_user I should be allowed to update items/item__1 but not items/item__2 - this does not. Obviously the problem is I do not know what the data type [ Cloud Firestore references ] represents in rules. I've read through the documentation on rules and been trying