Firebase服务器密钥和发件人ID公开 [英] Firebase server key and sender id exposed to public

问题描述

在客户端js代码中公开Firebase云消息传递服务器密钥(旧版)和发件人ID是否保存?如果攻击者获得了这些密钥的访问权，攻击者会造成什么损失?

Is it save to expose firebase cloud messaging server key (legacy) and sender id in client js code ? If an attacker gain access to those keys what damage can attacker do ?

推荐答案

正如密钥名称所暗示的那样，FCM服务器密钥应仅在服务器(或其他受信任的环境，例如Cloud Functions)上使用.拥有此密钥的任何人都可以向您应用的所有用户发送消息.

As the name of the key already implies, the FCM server key should only be used on a server (or an otherwise trusted environment, such as Cloud Functions). Anyone who has this key can send messages to all users of your app.

这篇关于Firebase服务器密钥和发件人ID公开的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！