Problem description
What is the best way to stop an attacker from triggering a Cloud Function repeatedly, causing a huge bill or causing the project to run into quota limits?
Some ideas:
- Use RTDB or Cloud Storage triggers as much as possible, since writes to those are protected by those products' security rules
- Put functions behind a service like Cloudflare
- Set up billing alerts, so a notification is sent if the monthly bill is unusually large
Solution
Check my answer here.
Short breakdown of items from my answer:
- Limit the type of requests
- Authenticate if you can
- Check for origin
- Use a load balancer in between
- Use something like Cloudflare Page Rules
Hope it helps :)
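The first three items of the answer (limit request types, check origin, authenticate) as a framework-independent request guard. This is an example added here and is not part of the original answer; the allowlist values and the `verifyToken` callback are assumptions (in a Firebase function the callback could wrap the Admin SDK's `verifyIdToken`).

```javascript
// Added example. Allowlist values and verifyToken are illustrative assumptions.
const ALLOWED_METHODS = new Set(["POST"]);
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // constructed value

// Cheap synchronous checks, run before any billable work (DB reads, token
// verification). Returns { ok: false, status, reason } or { ok: true, token }.
function precheck(req) {
  // 1. Limit the type of requests.
  if (!ALLOWED_METHODS.has(req.method)) {
    return { ok: false, status: 405, reason: "method not allowed" };
  }
  // 2. Check for origin. Browsers set this header; other clients can send
  //    any value, so it filters cross-site browser calls and is not auth.
  const origin = req.headers["origin"];
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { ok: false, status: 403, reason: "origin not allowed" };
  }
  // 3. Require a well-formed bearer token before doing anything else.
  const m = /^Bearer ([A-Za-z0-9._-]+)$/.exec(req.headers["authorization"] || "");
  if (!m) return { ok: false, status: 401, reason: "missing bearer token" };
  return { ok: true, token: m[1] };
}

// verifyToken: async (token) => claims object with a string uid, or throws.
// In a Firebase function this could be t => admin.auth().verifyIdToken(t).
async function guardRequest(req, verifyToken) {
  const pre = precheck(req);
  if (!pre.ok) return pre; // rejected without calling the verifier
  try {
    const claims = await verifyToken(pre.token);
    if (!claims || typeof claims.uid !== "string") throw new Error("no uid");
    return { ok: true, uid: claims.uid };
  } catch (_err) {
    // Do not echo verifier errors back to the caller.
    return { ok: false, status: 401, reason: "invalid token" };
  }
}
```

Call `guardRequest` at the top of the handler and return `status` immediately when `ok` is false, so rejected requests finish before any database or downstream work runs.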