Application Insights的安全性和欺骗 [英] Application Insights security and spoofing
问题描述
这可能是一个愚蠢的问题,但是客户端应用程序见解可以防止欺骗吗? Microsoft要求您在需要记录的HTML页面中添加一些JavaScript,并且其中的一部分包含硬编码的工具密钥(下面不是真正的密钥!):
This may be a silly question but is client side application insights safe from spoofing? Microsoft ask you to add a bit of JavaScript to your HTML page that needs recording and part of this contains a hard coded instrumentation key (not a real key below!):
instrumentationKey: "3D486E8C-BDEF-43AB-B27A-9D3F9D42EC14"
Url和密钥之间似乎没有任何其他关系,也没有任何防止这种密钥客户端欺骗的机制(即,随机生成具有不同编号的密钥并提交页面).
There doesn't seem to be any other relationship between Url and key or any mechanism to prevent spoofing of this key client side (i.e. randomly generating the key with different numbers and submitting the page).
这不会造成任何损害,但是会给接收者带来不正确的监视数据,这很烦人,这很可能就是有人希望因为他们可以"而做的所有事情.
This wouldn't cause any damage, but it would be annoying to the receiver of the incorrect monitoring data, which may well be all someone wants to do "because they can".
我为什么错过了一些基本的东西?
Have I missed something fundamental as to why this is not possible?
推荐答案
虽然并非完全相同,但我相信答案与该答案几乎相同:
While not exactly a duplicate, i believe the answer is pretty much the same as this one:
AI不知道您如何或在何处使用密钥,那么他们将如何知道哪些流量是合法的,哪些流量是不合法的?
AI doesn't know how or where you're using your key, so how would they know which traffic is legitimate and which is not?
这篇关于Application Insights的安全性和欺骗的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
