问题描述

在我的firebase应用程序中，用户供稿中填充了帖子，但是显示了帖子的用户名.但是，用户名位于快照内部，但是在应用程序中没有显示该用户名的位置.如果不应该将用户名传输到客户端的设备，是否安全?最好从posts节点的快照中删除用户名，然后创建一个具有每个帖子用户名的单独节点，并在每次需要时访问用户名，以便在填充用户feed时不发送用户名在快照中?

In my firebase app, a users feed is populated with posts, however the usernames of the posts are displayed. However, the username is inside of the snapshot, but there is no place where it is displayed in the app. Is it secure to have the username transferred to the client's device if they are not supposed to be able to access it? Would it be better to remove the username from the snapshot in the posts node and instead create a separate node which has the username for each post, accessing the username each time it is needed so that when a users feed is populated the username is not sent in the snapshot?

推荐答案

用户可以在该设备上访问任何传输到该设备的数据.如果您希望某些数据不可访问，请不要将其传输到客户端.

Any data that is transferred to the device, can be accessed by the user on that device. If you want certain data to be non-accessible, don't transfer it to the client.

执行此操作的一种常见方法是制作一个仅包含公开可读信息的额外节点.有关此示例，请参见:

A common way to do this is to make an extra node that contains only the information that is publicly readable. For some example of this, see:

• Firebase:如何构建公共/私有用户数据
• 如何创建公共/私人用户带有Firebase安全规则的配置文件?
• 如何使用Firebase创建公共/私有用户配置文件?
• 设为公开简介和不公开轮廓为4+角

这篇关于Firebase快照中的非显示数据安全吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！