问题
I'm integrating firebase dynamic linking for Android & iOS application. What I found is query parameter I passed in link attribute is not safe. I can copy link form debug detail (by appending ?d=1 at the end of deep link).
My understanding says we should not pass any important information here as query parameter, but is there way to safeguard this !!
回答1:
Its only as secret as a regular link - so if you wouldn't pass some important detail in a standard URL, then don't put it in a dynamic link. If you have some secret information, it is always best to link that to a proper auth system.
If you write the data into a system like Firestore or the Realtime Database you can use security rules to restrict its access, then pass a reference in the dynamic link parameters. The specifics of what to restrict in the rules will depend on your use case.
来源:https://stackoverflow.com/questions/49188083/is-this-safe-to-pass-query-parameter-in-firebase-dynamic-link-attribute