I want to prevent impersonated Push communication with nifty mbaas

Asked 2 years ago, Updated 2 years ago, 122 views

I am currently developing a mobile app with monaca (HTML+CSS+JavaScript).

■ The final configuration is expected to be as follows:
Mobile Application <--> nifty mbaas <--> Self server
I would like to run the program regularly on my server and send Push to the mobile app accordingly.

■ Concerns
In order to use nifty mbaas, you need to write the Client Key and Application Key in the monaca app, but if you unzip the app you built with monaca, you can see everything inside.

With the Client Key and Application Key, it seems that one can use the REST API to send impersonated Push communication.
Could you tell me how to prevent it?
Or is there a misunderstanding on my part in the first place?

■ Supplemental
There is this issue ↓ in the official community.

[Past Questions] Consultation on security measures #29
https://github.com/NIFTYCloud-mbaas/UserCommunity/issues/29

I understand that ACL configuration can prevent data leakage, but I could not find an ACL configuration for Push communication.

Also, I understand that there is a way to encrypt the source code with the crypto plug-in of cordova.
I'd like to know how to deal with nifty mbaas.

javascript monaca baas

2022-09-29 21:40

1 Answer

I couldn't get an answer, so I asked a question separately through the nifty_mbaas official website and received a response from a representative.

I will write it down in the official community.
https://github.com/NIFTYCloud-mbaas/UserCommunity/issues/472

Thank you for your interest in this matter.


2022-09-29 21:40
