How can I allow my Unity app access to a Firebase

2019-08-21 01:01发布

站内问答 / Unity 3D
1958 2 6

I am using the Firebase Unity SDK (5.4.3). I need the app to access a Realtime Database. Everything works fine when I have access configured to public, but I need to secure the database so it can only be read/modified through the app.

I followed the instructions here: https://firebase.google.com/docs/database/unity/start for allowing the Editor to "configure the SDK to use a service account to run in the Unity Editor." This allows the Unity editor to access the database, but this does not work on device. There are instructions for authenticating users, but I do not want any sort of log in in the app.

In short, how can I allow access through the app but disallow access outside of the app. Can I use a service account on device and how do I configure that?

Thank you.

2条回答
混吃等死
2楼-- · 2019-08-21 01:39

This is not possible. If you want to restrict who or what can access your Realtime Database (and Cloud Storage, and Firestore), you will need to use Firebase Authentication, and write security rules that lock down access to only users who have logged into your app/game.

Without Firebase Authentication in use, the only access to your database will essentially be public - by anyone who knows the name of your project. Anyone can find out the name of your project simply by reverse engineering your app/game and pulling the configuration information out of it. That configuration information is not private - it is also essentially public information.

查看更多
0人赞 添加讨论(0) 举报
Explosion°爆炸
3楼-- · 2019-08-21 01:48

As said by Doug Stevenson it is not possible; you either have a public login or a restricted one with authentication.

However I would Simply have one dedicated user like myUnityAppUser with a password like e.g. 123456 somewhere defined in a script or maybe an additional encryption file somewhere.

Then do the login automatically without user interaction -> send userName+password. The password could still be encrypted etc but this can all be handled by the App itself without you actively doing the login Everytime

Than you make a usual login like e.g. (Source)

public void Login(string email, string password)
{
    auth.SignInWithEmailAndPasswordAsync(email, password).ContinueWith(task =>
    {
        if (task.IsCanceled)
        {
            Debug.LogError("SignInWithEmailAndPasswordAsync canceled.");
            return;
        }
        if (task.IsFaulted)
        {
            Debug.LogError("SignInWithEmailAndPasswordAsync error: " + task.Exception);
            if (task.Exception.InnerExceptions.Count > 0)
                UpdateErrorMessage(task.Exception.InnerExceptions[0].Message);
            return;
        }

        FirebaseUser user = task.Result;
        Debug.LogFormat("User signed in successfully: {0} ({1})",
            user.DisplayName, user.UserId);

        SceneManager.LoadScene("LoginResults");
    });
}

Now somewhere in your app you simply call 

Login ("myUnityAppUset@some.email", "123456");

with the somehow somewhere "hardcoded" (maybe encrypted?) credentials.

Note that it is still possible that someone decompiles the app and can cheat again.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)