为什么我必须对注册令牌保密? [英] Why must I keep the registration token secret?
问题描述
根据此链接,必须保留注册令牌机密.
According to this link, the registration token must be kept secret.
注册令牌:FCM SDK为每个客户端应用程序实例生成的ID.单个设备和设备组消息传递是必需的.请注意,注册令牌必须保密.
Registration token: An ID generated by the FCM SDK for each client app instance. Required for single device and device group messaging. Note that registration tokens must be kept secret.
令牌有多敏感?拥有注册令牌的任何人都可以将通知发送到设备吗?还是该令牌专用于我的项目?
How sensitive is the token? Can anyone with the registration token send notifications to the device? Or is the token specific to my project?
如果其他人持有设备注册令牌,会有什么风险?
What are the risks if some else gets hold of a device registration token?
推荐答案
令牌有多敏感?拥有注册令牌的任何人都可以将通知发送到设备吗?还是该令牌专用于我的项目?
并非如此.如果与注册令牌不相关的发件人发送消息,则他们将收到
Not really. If the a sender not associated with the registration token sends a message, then they're going to receive an error:MismatchSenderId:
注册令牌绑定到特定的发送者组.客户端应用程序注册FCM时,必须指定允许哪些发件人发送消息.将消息发送到客户端应用程序时,应使用这些发件人ID之一.如果您切换到其他发件人,则现有的注册令牌将不起作用.
A registration token is tied to a certain group of senders. When a client app registers for FCM, it must specify which senders are allowed to send messages. You should use one of those sender IDs when sending messages to the client app. If you switch to a different sender, the existing registration tokens won't work.
如果以此为基础,看来将注册令牌保密是很重要的.但是,如果发生未经授权的用户可以访问发送消息的情况,如果他不知道/没有注册令牌,那将毫无用处,那该怎么办?只是将其视为另一种安全措施.
If you base it from that, it does seem that keeping the registration token a secret is not that much of a thing. But what if a scenario happens that an unauthorized user gets an access to send messages, if he doesn't know/have the registration tokens, then it's pretty much useless. Just think of it as another safety measure.
如果其他人持有设备注册令牌,会有什么风险?
在我上面提到的场景中,如果某人(未经授权的用户)有权发送消息和注册令牌,那么他们几乎可以向其发送任何内容.
From the scenario I mentioned above, if someone (unauthorized users) got access to send messages and the registration tokens, then they can pretty much send anything towards it.
这篇关于为什么我必须对注册令牌保密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
