FCM Security: Prevent multiple senders from pushing notifications to all devices?
Question
As part of our solution, we want to deploy an FCM "app server" at each of our customer sites. Each customer site has its own users with their own devices using our app. However, we want to make sure that if one of the customer sites is compromised, an attacker could not abuse the FCM "app server" (e.g. by sending notifications to all devices at all customer sites).
Instead of sharing credentials between all customer sites, we are thinking of generating a unique server key for each customer site. That way if one customer site is compromised, we can disable that server key and stop any more FCM notifications from being sent.
Question: Can we be sure that an attacker cannot send global notifications to all devices?
- Assuming an attacker has a server key and access to one customer site "app-server", can they get a list of all the registered devices?
- Is there a default notification "topic" that sends to all devices? (e.g. /topic/all or /topic/global). If so, can we disable that default topic?
Solution
Instead of sharing credentials between all customer sites, we are thinking of generating a unique server key for each customer site. That way if one customer site is compromised, we can disable that server key and stop any more FCM notifications from being sent.
If by "we are thinking of generating a unique server key for each customer site" you mean that you'll simply create a Firebase Project for each customer site, then I think this is the correct approach.
Can we be sure that an attacker cannot send global notifications to all devices?
An app can receive messages from a different Sender by implementing getToken(authorizedEntity, scope), which will generate a different token for each Sender. In order to negate this action, you could simply call deleteToken(authorizedEntity, scope) (my reference). This would invalidate the token for that corresponding sender (which is what they probably have and should be the only one on their App Server), which would automatically disable them for receiving messages to your App.
So as long as you're able to remove them as a valid sender from your app, then it's all good.
Assuming an attacker has a server key and access to one customer site "app-server", can they get a list of all the registered devices?
This depends on how the App Server is implemented. If the customer's App server is only used for sending messages, but the tokens are stored elsewhere, then probably no. There is no API to retrieve registration tokens on the server side for an App based on the Server Key (see #1 here).
Is there a default notification "topic" that sends to all devices? (e.g. /topic/all or /topic/global). If so, can we disable that default topic?
There isn't. There is the option to send a Notification to a specific app via the Firebase Notifications Console, but if the app doesn't authorize the Sender ID corresponding to that project, it won't receive any messages from it. I've tested this behavior out before posting, so I'm positive that this is how it works.
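The per-sender registration the answer describes, as an added example that is not part of the original question or answer: an Android client obtains a token only for the Sender ID of the Firebase project that belongs to its own customer site, and revokes that token when the site is decommissioned or its key is compromised. It uses the FirebaseInstanceId getToken/deleteToken calls named in the answer; SITE_SENDER_ID and the class name are placeholders I chose for illustration.

```java
// Added example (not the original poster's code): bind this app install to
// exactly one customer site's Firebase project and allow that binding to be
// revoked. A server key from a different project has no token it can address.
import com.google.firebase.iid.FirebaseInstanceId;
import java.io.IOException;

public final class SiteSenderRegistration {
    // Placeholder: the numeric Sender ID of this customer site's own Firebase project.
    private static final String SITE_SENDER_ID = "<SENDER_ID_OF_THIS_SITE_PROJECT>";
    // Default scope for FCM tokens.
    private static final String SCOPE = "FCM";

    private SiteSenderRegistration() {}

    /**
     * Returns a registration token that is valid only for SITE_SENDER_ID.
     * Per the answer, each authorized entity gets its own token; a sender the
     * app never authorized cannot deliver to it. Blocking call: run off the
     * main thread.
     */
    public static String registerWithSiteSender() throws IOException {
        return FirebaseInstanceId.getInstance().getToken(SITE_SENDER_ID, SCOPE);
    }

    /**
     * Invalidates this device's token for SITE_SENDER_ID, so the site's app
     * server (or anyone holding its server key) can no longer reach the app
     * until the app registers again. Blocking call: run off the main thread.
     */
    public static void revokeSiteSender() throws IOException {
        FirebaseInstanceId.getInstance().deleteToken(SITE_SENDER_ID, SCOPE);
    }
}
```

The token returned by registerWithSiteSender() is what the app uploads to the site's app server. Following the answer's point about token storage, keeping that upload in a store that the site's app server cannot enumerate means a compromised server key can send to tokens it already holds but cannot retrieve the full device list, and revokeSiteSender() cuts off the remaining ones.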