问题
I am making a mobile app with Firestore and React Native.
There is no authentication system and upon starting the app, the user download a collection from Firestore.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read: if true;
}
}
}
As of right now, the rule allows everyone to read from the database. Is it possible/advisable to limit the traffic to only our mobile app?
回答1:
It's not possible to use security rules to limit access to a certain app. If your rules allow read access without requiring a sign-in using Firebase Authentication, then anyone with an internet connection can perform reads.
Minimally, you could require anonymous authentication. But that still would not stop someone from creating an account and using that to read everything without going through the app.
来源:https://stackoverflow.com/questions/62665107/firestore-add-security-rule-to-allow-reads-only-from-mobile-app