从JavaScript调用Azure函数以获取SAS令牌会破坏安全性吗? [英] Calling Azure function from a javascript to get SAS Token can breach security?
本文介绍了从JavaScript调用Azure函数以获取SAS令牌会破坏安全性吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
推荐答案
你好Qudir,
Hello Qudir,
据我了解,您有一个Azure函数正在生成SAS令牌,而您的JavaScript客户端正在调用您要保护的函数.
As per my understanding you have a Azure Function which is generating SAS token and your JavaScript client is calling that function which you want to secure.
功能/管理键的确确实是安全的,因此永远不要出现在客户端JavaScript中.
The function/admin key is indeed meant to be secured and hence should never be present in your client-side JavaScript.
最佳做法是,您应始终通过类似以下的代理来调用函数 APIM 或 功能代理.
The best practice is that you should always call functions through a proxy like APIM or Function Proxy.
理想情况下,您还应该启用AD身份验证以提高功能应用程序的安全性.
Ideally, you should also enable AD authentication for better security of your function app.
这篇关于从JavaScript调用Azure函数以获取SAS令牌会破坏安全性吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文