硬编码"身份池id'对于 'aws cognito'安全有危险吗?
我正在使用 aws cognito 服务对 Unity3D 进行身份验证.我想知道如果 'identity-pool id' 被硬编码到脚本中是否存在安全问题.为了安全,开发者是如何实现的?有人推荐吗?
I am using aws cognito service for authentication with Unity3D. I wonder whether there is security problem if 'identity-pool id' is hardcoded to script. For the security, how do deveopers implement? Is there anybody to suggest?
如果您打算发布源代码,那么公开身份和身份验证信息是个坏主意.
If you plan on releasing the source code, exposing identities and authentication information is a bad idea.
你可以做的是让你的代码从一个单独的文件中获取身份池 ID,并提交具有连接字符串的文件,或者在这种情况下,你的身份池 ID - 但使用模板 ID 提交它.不是真正的.提交后,您可以使用 .gitignore 忽略该文件,然后将其更改为真实 ID.
What you could do is make your code to fetch the Identity Pool ID from a separate file and commit that file that has the connection string, or in this case, your Identity Pool ID - but commit it with a template ID. Not the real one. After you've committed it you can use .gitignore to ignore that file and then change it to the real ID.
这样就没有人会看到您的 ID,这很容易管理,也很容易让正在分叉/克隆您的项目的其他人了解他们需要做什么.
This way no one will see your ID, it's easy to manage and easy for others that are Forking/cloning your project understand what they need to do.
例如,如果您一起工作并且每个人都使用个人许可证或类似许可证,那么这也是一个很好的做法.
This is also a good practice if you, for instance, work together and everyone is for instance using a personal license or similar.