Problem description
There is a warning on the Firebase best practices documentation against using Firebase with multi-tenant applications: https://firebase.google.com/docs/projects/learn-more#multi-tenancy
This is what I am most concerned about: "Multi-tenancy can lead to serious configuration and data privacy concerns, including unintended issues with analytics aggregation, shared authentication, overly-complex database structures, and difficulties with security rules." Identity Platform looks like it should cover everything except analytics aggregation and database structures, but I can control analytics logging and my database structure is simple enough, being divided cleanly by tenant. My application is one common application, but has tenanted client data and users (managed via Google Identity Platform).
There is also plenty of official Google documentation supporting the use of Firebase for multi-tenancy: https://cloud.google.com/identity-platform/docs/multi-tenancy-authentication. There are also dozens of examples out there for how to set up multi-tenancy with Firebase and Google Identity Provider.
Do you know why they would have these conflicting recommendations and examples? Does use of Google Identity Platform fix the core security deficits mentioned in the warning? It has me strongly considering abandoning Firebase, which would be a shame given the features it gives me.
Recommended answer
The recommendation is not bound to Firebase, or GCP, or Google. It's generic. If you put all your data in the same bag, with only a logical isolation, it's only logical, not as strong as different projects.
Thus, it's easy to make a mistake and to use, delete, update, or make a mess in all the tenant data. In case of an attack, a leak, or a major bug, you can reduce the blast radius by having several small tenants.
It's a tradeoff between more management to perform (because you have a lot of tenants) and a higher risk (multi-tenant project, the crash is dramatic). It also depends on your application type and context. It's a recommendation, not an obligation!
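
The blast-radius point in the answer above, as an added example that is not part of the original question or answer. It assumes a shared collection whose rows carry a `tenantId` field and verified ID-token claims shaped like `claims.firebase.tenant`; the data and the helper names (`deleteWhereUnscoped`, `scopedStore`, `blastRadius`) are constructed for illustration.

```javascript
// Constructed sample data: one shared collection, rows tagged by tenant.
const invoices = [
  { id: "a1", tenantId: "tenant-a", amount: 120 },
  { id: "a2", tenantId: "tenant-a", amount: 75 },
  { id: "b1", tenantId: "tenant-b", amount: 900 },
];

// Isolation by convention: every call site must remember the tenant filter.
// Returns the rows that survive the delete.
function deleteWhereUnscoped(rows, predicate) {
  return rows.filter((r) => !predicate(r));
}

// Isolation enforced in one place: the tenant comes from verified token
// claims (assumed shape: claims.firebase.tenant), never from the caller.
function scopedStore(rows, claims) {
  const tenantId = claims && claims.firebase && claims.firebase.tenant;
  if (typeof tenantId !== "string" || tenantId === "") {
    throw new Error("no tenant in verified claims: refusing access");
  }
  const own = (r) => r.tenantId === tenantId;
  return {
    list: () => rows.filter(own),
    // Only rows of this tenant can ever match the predicate.
    deleteWhere: (predicate) => rows.filter((r) => !(own(r) && predicate(r))),
    // A caller-supplied tenantId is overwritten by the verified one.
    insert: (doc) => [...rows, { ...doc, tenantId }],
  };
}

// Counts rows lost per tenant between two snapshots of the collection.
function blastRadius(before, after) {
  const lost = {};
  for (const r of before) {
    if (!after.some((x) => x.id === r.id)) {
      lost[r.tenantId] = (lost[r.tenantId] || 0) + 1;
    }
  }
  return lost;
}

// A cleanup job meant for tenant-a only: "delete invoices over 50".
const bigInvoice = (r) => r.amount > 50;
const sloppy = deleteWhereUnscoped(invoices, bigInvoice);
const scoped = scopedStore(invoices, { firebase: { tenant: "tenant-a" } })
  .deleteWhere(bigInvoice);
console.log("unscoped loss:", blastRadius(invoices, sloppy));
console.log("scoped loss:  ", blastRadius(invoices, scoped));
```

The scoped wrapper narrows the mistake to one tenant's rows, but it is still logical isolation inside one project; a bug in the wrapper itself affects every tenant, which is the residual risk separate projects remove.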