我是 Firebase 的新手,并尝试使用 AngularFire2 使用 Firebase + Firebase 存储开发 Ionic2 应用程序。
我在 Firebase 数据库中有一些关于存储和 URL 的 PDF。
我通过 Firebase 身份验证在应用程序上有一个经过身份验证的用户。
现在当用户在他/她的手机上下载文件时,系统会得到downloadUrl,聪明的用户可以通过NeoLoad或任何其他工具查看它。然后他可以与任何人共享该直接文件 URL,并在没有应用程序的情况下下载该 pdf。
1-我想知道是否可以仅限制来自应用程序的文件访问,以便即使他必须提交网址,也无法下载。
2- 是否可以生成在一段时间后过期的动态 URL 或仅用户特定的文件 URL?
最佳答案
更新
再看一下这个问题,Firebase 似乎支持签名 URL。您可以使用它们来限制 URL 可用于访问您的文件的时间。由于您只希望他们使用该应用程序,因此它们很快就会过期。您可以在此处阅读有关它们的信息:
Creating Signed URLs with a Program
This page describes how to programmatically create signed URLs, which are a mechanism for query string authentication for buckets and objects. Signed URLs are one way to control access to buckets and objects. A signed URL is associated with a bucket or object and gives time-limited read or write access to that specific resource. Anyone in possession of the URL has the access granted by the URL, regardless of whether they have a Google account.
To learn more about Signed URLs, read the Overview of Signed URLs. To learn how to create signed URLs quickly using gsutil, read Creating Signed URLs with gsutil.
Signed URLs
This page provides an overview of Signed URLs, which is a mechanism for query string authentication for buckets and objects. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account. To learn how to create a Signed URL, read Creating Signed URLs with gsutil and Creating Signed URLs with a Program. To learn about other ways of controlling access to buckets and objects, read Overview of Access Control.
基于文档
Get Started with Storage Security Rules
Understand Firebase Security Rules for Cloud Storage和 Learn to Secure Files
您可以像设置数据库规则一样为 Firebase 存储设置安全规则。这应该可以防止未经身份验证的用户访问您的文件。
希望这可以帮助
关于Firebase 存储安全,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46039187/