从JavaScript调用Azure函数以获取SAS令牌会破坏安全性吗? [英] Calling Azure function from a javascript to get SAS Token can breach security?

问题描述

推荐答案

你好Qudir，

Hello Qudir,

据我了解，您有一个Azure函数正在生成SAS令牌，而您的JavaScript客户端正在调用您要保护的函数.

As per my understanding you have a Azure Function which is generating SAS token and your JavaScript client is calling that function which you want to secure.

功能/管理键的确确实是安全的，因此永远不要出现在客户端JavaScript中.

The function/admin key is indeed meant to be secured and hence should never be present in your client-side JavaScript.

最佳做法是，您应始终通过类似以下的代理来调用函数 APIM 或 功能代理.

The best practice is that you should always call functions through a proxy like APIM or Function Proxy.

理想情况下，您还应该启用AD身份验证以提高功能应用程序的安全性.

Ideally, you should also enable AD authentication for better security of your function app.

这篇关于从JavaScript调用Azure函数以获取SAS令牌会破坏安全性吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！