// docs / baas security
BaaS Security
Backend-as-a-Service platforms (Supabase, Firebase, Clerk, Auth0) handle the parts of an app that AI coding tools touch most lightly: row-level security, security rules, identity-provider configuration, and which keys ship to the browser. This section is a library focused on these misconfigurations as they actually appear in production, and on how to find and fix them. Each article ends with a one-click scan of your own deployment.
// supabase rls scanner
Supabase RLS scanner: find tables with missing or broken row-level security
What a passive RLS scan can show from outside the database, the four kinds of broken RLS that AI coding tools produce by default, how the FixVibe baas.supabase-rls scan works, and the exact SQL to apply once a missing policy is found.
Scan your app for missing RLS →
// service role key exposure
Supabase service-role key exposed in JavaScript
What the service-role key is, why it must never live in the browser, and the three ways AI coding tools ship it to production unknowingly. Includes the JWT shape that identifies a leaked key, the immediate response procedure, and how the FixVibe bundle scan catches it.
Check whether secrets shipped in your bundle →
// storage hardening
Supabase Storage security checklist
A focused 22-item checklist for hardening Supabase Storage: bucket visibility, RLS policies on the objects table, MIME-type validation, signed URL handling, anti-enumeration measures, and operational hygiene. Each item is something you can complete in 5-15 minutes.
Scan for public buckets and anon-listable storage →
// firebase rules scanner
Firebase rules scanner: find open Firestore, Realtime Database, and Storage rules
How a Firebase rules scanner works from the outside, the test-mode patterns that AI tools generate, the three Firebase services that each need their own rules scan (Firestore, Realtime Database, Storage), and what a scan can show without authentication.
Check for open read/write rules →
// rule syntax explainer
Firebase allow read, write: if true explained
What the allow read, write: if true; rule actually does, why Firebase ships it as the test-mode default, the exact behaviour an attacker sees, and four ways to replace it with production-safe rules. Includes a copy-paste audit query and a five-step remediation plan.
Scan your production URL →
// clerk hardening
Clerk security checklist
A 20-item checklist for hardening a Clerk integration: environment key hygiene, session settings, webhook verification, organization permissions, JWT scoping, and operational monitoring. Pre-launch and ongoing items are grouped by area.
Check for identity/session misconfigurations →
// auth0 hardening
Auth0 security checklist
A 22-item Auth0 audit covering application types and grants, callback/logout allowlists, refresh token rotation, custom action security, RBAC and resource servers, anomaly detection, and tenant log monitoring. Catches what AI-generated SaaS apps routinely miss.
Check for identity-provider exposure →
// umbrella scanner
BaaS misconfiguration scanner: find public data paths across Supabase, Firebase, Clerk, and Auth0
Why BaaS providers fail at security in the same way, the five misconfiguration classes every BaaS app needs checked, how the FixVibe BaaS umbrella scan works across all four providers, a side-by-side comparison of what each scanner can show, and an honest comparison with Burp, ZAP, and SAST tools.
Find public data paths before users do →
Coming next
More BaaS-focused articles will land here as the FixVibe scan engine grows its coverage. The scan engine changelog records each new detection; subscribe to it for a running record of what FixVibe can currently show from the outside.
