Is it wise to store my API keys in Firebase Remote Config?

Question

I would like to know what the full pros and cons are for storing my SENSITIVE API KEYS AT Firebase Remote Config.

I am aware of Flutter Secure Storage, which encrypts and decrypts sensitive data at runtime, but most sources suggest it is always safer to store API keys on the server rather than on the client.
What risks are involved if I store my API keys at FIREBASE REMOTE CONFIG and what do I stand to gain and lose? Thanks.

Answer 1

Score: 0

The recommendation is not so much to just store the data on the server, but also to only ever use it on the server. Any time you use sensitive data inside your application, such as when you send it to the device through Remote Config, a malicious user may gain access to it.

The risk of leaking an API key depends on what that specific API key allows a malicious user to access. For example, if a user gains access to the so-called server key that is used by Firebase Cloud Messaging, they can use it to send messages to any of your users. But if they gain access to the administrative credentials of your Google Cloud project, they can do with that entire project whatever they want.

Note that Firebase's client-side configuration data is not a secret, as explained here: https://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public/37484053#37484053

Also see:

huangapple
  • Published on May 17, 2023 at 14:56:53
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76269295.html
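
The answer's recommendation to use the key only on the server, as an added example that is not part of the original answer: a backend handler in JavaScript (Node.js) that attaches the key server-side, forwards only allow-listed fields, and returns nothing that could carry the key back to the device. The upstream URL, the field names and the injected `verifyToken` and `send` helpers are assumptions made for illustration.

```javascript
// Added example: the API key exists only in the backend's environment
// (assumption: a Node.js backend such as a Cloud Function).
const UPSTREAM_URL = "https://api.example.invalid/v1/translate"; // placeholder
const ALLOWED_FIELDS = ["text", "targetLang"]; // hypothetical request fields

// Build the outbound call. Only allow-listed string fields are forwarded, so
// a client cannot add its own headers or parameters to the upstream request.
function buildUpstreamRequest(clientBody, apiKey) {
  const payload = {};
  for (const field of ALLOWED_FIELDS) {
    const value = clientBody[field];
    if (typeof value !== "string" || value.length > 2000) {
      throw new RangeError(`invalid field: ${field}`);
    }
    payload[field] = value;
  }
  return {
    url: UPSTREAM_URL,
    method: "POST",
    headers: { "content-type": "application/json", authorization: `Bearer ${apiKey}` },
    body: JSON.stringify(payload),
  };
}

// deps.verifyToken (ID-token check), deps.send (HTTPS client) and deps.apiKey
// (read from the server environment) are injected; all three are hypothetical.
async function handle(req, deps) {
  let user = null;
  try {
    user = await deps.verifyToken(req.idToken);
  } catch (_) {
    // A failed verification is treated the same as a missing token.
  }
  if (!user) return { status: 401, body: { error: "unauthenticated" } };

  let upstreamReq;
  try {
    upstreamReq = buildUpstreamRequest(req.body || {}, deps.apiKey);
  } catch (e) {
    return { status: 400, body: { error: e.message } };
  }
  const res = await deps.send(upstreamReq);
  // Return only the result field. Upstream headers and error bodies are never
  // echoed, because they may contain the key or account details.
  if (res.status !== 200) return { status: 502, body: { error: "upstream failed" } };
  return { status: 200, body: { result: String(res.json.result) } };
}
```

The device only ever holds its own user token; without the authentication step the endpoint would let anyone spend the key's quota even though the key itself stays hidden.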