本文介绍了如何安全地允许用户从Firebase队列中删除响应？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述 限时删除！！ 我将Firebase与Angular2和Firebase-queue一起用作批处理服务器。 客户端将任务发送到服务器，并等待响应。 / p> 客户端可以使用请求ID读取响应。但是，那么响应会发生什么？我猜只有客户端可以删除它，但是我真的不喜欢把 .write 给客户端。 所以我试图找出一种方法来保证这个 .write 访问权。 问题：是否可以给 .read 和 .write 只能访问拥有请求密钥的用户？ 响应本身，甚至是 / responses 节点对于其他节点都是不可读的。 > 我试图避免人们（恶意）在用户阅读之前删除响应。 解决方案这里 如果我只希望auth用户能够使用它，我应该使用以下规则吗？ respond：{.read：false，.write：false， $ response：{.read：auth！= null，.write：auth！= null，} } I'm using Firebase with Angular2 and Firebase-queue as a batch server.Clients send tasks to the server and sometime they are waiting for a response.Client can read the response using the request id. But then, what happens to the response ? I guess only the client can delete it but I don't really like to give .write to the client.So I'm trying to figure out a way to secure this .write access.Question: Is It possible to give .read and .write access only to the user that own the request key?The response itself and even the /responses node would not be readable for the others.I'm trying to avoid people(evil) deleting responses before the user can read it. 解决方案 Frank van Puffelen answered the response here.If I only want auth user to able to use it, I should use the following rules right?"responses": { ".read": "false", ".write": "false", "$responses": { ".read": "auth != null", ".write": "auth != null", }} 这篇关于如何安全地允许用户从Firebase队列中删除响应？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！ 1403页，肝出来的..