How to use App Check to protect your custom backend
ฝัง
- เผยแพร่เมื่อ 10 ก.ค. 2024
- App Check helps make sure it is your app that is talking to your backend resources and not a malicious actor. Learn to use App Check's new providers across different platforms and secure your custom backend resources. Leverage new features to tune your quota consumption and security.
Chapters:
00:00 - Introduction
00:17 - Firebase Security
00:50 - What is App Check
01:39 - New Attestation Providers
02:03 - New services protected by App Check
03:24 - Demo: Setting up Attestation providers - iOS - App Attest
04:53 - Demo: Setting up Attestation providers - web - reCAPTCHA
05:27 - Setting TTL
07:20 - Enforcing Firestore
07:38 - App Check + Custom Backend Resources
08:35 - Demo: Setting up Custom Backend Attestation - Backend Service
09:31 - Demo: Setting up Custom Backend Attestation - Android
10:06 - Demo: Setting up Custom Backend Attestation - iOS
10:24 - Demo: Setting up Custom Backend Attestation - Web
10:40 - App Check + Apigee
11:26 - Demo: Setting up Apigee
12:44 - Wrap-up
Resources:
App Check → goo.gle/2ZWoF1w
App Check Launch video → goo.gle/3q4JjqU
Speakers:
Tyler Crowe, Ann Zimmer
Watch more:
Watch all Firebase Summit sessions → goo.gle/firebasesummit-all
Subscribe to Firebase → goo.gle/Firebase
Subtitles are available in English, Chinese, Portuguese, Spanish, Korean, Japanese, and Indonesian for this video. Click on the Settings icon in the bottom right corner of the video, and select Subtitles/CC from the menu
#FirebaseSummit
product: Firebase - App Check; event: Firebase Summit 2021; fullname: Tyler Crowe, Ann Zimmer; re_ty: Publish; - วิทยาศาสตร์และเทคโนโลยี
Looking forward to trying this out! Thank you for addressing this need
App Check for Firestore 😍 been waiting for this
Po
How about other languagues like java, the firebase admin library doesn't support app check for verify the token, the rest API doesn't clear and not sure if it have route for validate the token from the client
Why dont you guys offer rate limiting, brute force, and ddos protection mechanisms?
Hi can i use it with api gateway?
Is there any ways to remove appCheck from an app when it has been enabled? Seems like there is nooooo wasy to remove it.
You can go to the App check and your app will be displayed there. It will be in enforced state. You have to click on the Unenforced button. Done!!
Nice feature! But that does not protect from ddos on the Web since it can come from your website.