FCM Security: Prevent multiple senders from pushing notifications to all devices?


Question

As part of our solution, we want to deploy an FCM "app server" at each of our customer sites. Each customer site has their own users with their own devices using our app. However, we want to make sure that if one of the customer sites is compromised, an attacker could not abuse the FCM "app server" (e.g. by sending notifications to all devices at all customer sites).

Instead of sharing credentials between all customer sites, we are thinking of generating a unique server key for each customer site. That way if one customer site is compromised, we can disable that server key and stop any more FCM notifications from being sent.

Question: Can we be sure that an attacker could not send a global notification to all devices?

  • Assuming the attacker has the server key and access to one customer site's "app-server", could they obtain a list of all registered devices?
  • Is there a default notification "topic" that is delivered to all devices (e.g. /topic/all or /topic/global)? If so, can we disable that default topic?

Answer

Instead of sharing credentials between all customer sites, we are thinking of generating a unique server key for each customer site. That way if one customer site is compromised, we can disable that server key and stop any more FCM notifications from being sent.

If by "we are thinking of generating a unique server key for each customer site" you mean that you'll simply create a Firebase Project for each customer site, then I think this is the correct approach.

Can we be sure that an attacker could not send a global notification to all devices?

An app can receive messages from a different Sender by implementing the getToken(authorizedEntity, scope) which will generate a different token for each Sender. In order to negate this action, you could simply call deleteToken(authorizedEntity, scope) (my reference).

This would invalidate the token for that corresponding sender (which is what they probably have and should be the only one on their App Server), which would automatically disable them for receiving messages to your App.

So as long as you're able to remove them as a valid sender from your app, then it's all good.

Assuming the attacker has the server key and access to one customer site's "app-server", could they obtain a list of all registered devices?

This depends on how the App Server is implemented. If the customer's App server is only used for sending messages, but the tokens are stored elsewhere, then probably no. There is no API to retrieve registration tokens on the server side for an App based on the Server Key (see #1 here).

Is there a default notification "topic" that is delivered to all devices (e.g. /topic/all or /topic/global)? If so, can we disable that default topic?

There isn't. There is the option to send a Notification to a specific app via the Firebase Notifications Console, but if the app doesn't authorize the Sender ID corresponding to that project, it won't receive any messages from it. I've tested this behavior out before posting, so I'm positive that this is how it works.
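An added example, not from the original question or answer, of the client-side control the answer describes: the app obtains a token only for its own customer site's sender ID, so a server key from any other site's project has no token for this device, and it can revoke that sender's token when the site's key is rotated or the site is decommissioned. It uses the FirebaseInstanceId.getToken(senderId, scope) / deleteToken(senderId, scope) calls the answer refers to (deprecated in newer Firebase SDKs); the class name and the SITE_SENDER_ID placeholder are assumptions.

```java
// Added example (not the original post's code). Assumes the Firebase Messaging
// Android SDK that still exposes FirebaseInstanceId (deprecated in newer SDKs).
import com.google.firebase.iid.FirebaseInstanceId;
import com.google.firebase.messaging.FirebaseMessaging;
import java.io.IOException;

public final class SiteSenderRegistration {
    // Hypothetical: the sender ID (Firebase project number) of the customer site
    // this installation belongs to, shipped with the app configuration.
    // Placeholder value, not a real sender ID.
    private static final String SITE_SENDER_ID = "<this-site-sender-id>";

    private SiteSenderRegistration() {}

    // Registers for messages from this site's project only. The returned token is
    // bound to SITE_SENDER_ID; a server key from another site's project cannot
    // address it. Blocking network call: run it off the main thread.
    public static String registerWithOwnSite() throws IOException {
        return FirebaseInstanceId.getInstance()
                .getToken(SITE_SENDER_ID, FirebaseMessaging.INSTANCE_ID_SCOPE);
    }

    // Revokes the token issued for a given sender. After this the corresponding
    // project (and whoever holds its server key) can no longer deliver to the app.
    public static void revokeSender(String senderId) throws IOException {
        FirebaseInstanceId.getInstance()
                .deleteToken(senderId, FirebaseMessaging.INSTANCE_ID_SCOPE);
    }

    // Moves the installation to a new sender, e.g. after a site's project is
    // replaced following a compromise: drop the old sender first, then register
    // with the new one and return the fresh token to hand to the site's backend.
    public static String rotateSender(String oldSenderId, String newSenderId)
            throws IOException {
        revokeSender(oldSenderId);
        return FirebaseInstanceId.getInstance()
                .getToken(newSenderId, FirebaseMessaging.INSTANCE_ID_SCOPE);
    }
}
```

The token returned by registerWithOwnSite() should be sent only to that site's own backend; storing tokens centrally would reintroduce the cross-site exposure the question is trying to avoid.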
