问题
For a side-project that is about to launch, I want to set-up a signup form where people can show their interest in getting an invite. I use Firestore for the application and want to create a new collection where I store all the potential users.
As this form is published on the company website, I can not use security rules using authentication, as everybody has to be able to submit the form. For this reason, the write permission is public.
Are there any measures I could take to prevent a smart user to infinitely make write requests? I aim to keep the sign-up process as accessible as possible.
Thank you!
回答1:
As Doug explained in the comments, it is not possible to protect the Firestore database other than using security rules. In order to do so, Firebase Authentication is required. For more information, visit: https://firebase.google.com/docs/firestore/security/rules-conditions#authentication
In my case: I applied Frank's advice (see comments) and implemented anonymous authentication to limit the number of writes possible per user. Thank you!
来源:https://stackoverflow.com/questions/57674753/protect-firestore-database-from-attack