android - Firestore Rules to give data access to specific app
问题描述
I am currently building two apps(admin and customer) and both have added in a single firebase project. Both apps are using Firebase Auth(Phone Number) registration process. The admin app is mostly saving details in Firestore DB and the customer app is only can fetch these details for viewing purposes.
Currently, I don't define any rules for them as I am a little new in Firestore/Firebase Rules. But I am wondering to add some rules which will give permission to fetch only those apps which I have added in the same Firebase project where my admin app is. I may be wrong but I think anyone can able to access my admin data by if they will get those names or keys which I am using in my Collections.
So is there any way or rules which will give the data accessing permission to specific apps that I have added in my same firebase project?
解决方案
There is no way to limit access to "just this app" in Firebase security rules. Anyone can take the configuration data from your app and use it to call the same API as you app uses.
For this reason you will need to make sure that your security rules model the logic that you want. You'll typically replicate some of the data access logic between your client-side application code, and the server-side security rules. This means that you're modeling who can take certain actions, not what code/application they use to do that.
Also see:
推荐阅读
- javascript - Discord bot 不是从 heroku 开始的
- jquery - 如何返回 jQuery 提示内容的值
- javascript - 在 Sanctum 中使用代币进行授权
- mysql - 复杂关系 TypeORM / MySQL
- python - 尝试使用 csv 模块时出现“AttributeError:部分初始化模块‘csv’”
- python - 在 tkinter 中清除以前的标签
- javascript - 元素在数组中被放置了两次,即使我只是在 Nextjs/React App 中添加了一次
- java - 找到结果后 Java 跳出 for 循环
- python - 当只能通过遍历发现数据结构时,如何使用 Python 枚举有向无环图结构中的所有路径?
- java - 如何显示共享相同属性的对象列表?