问题
I am using aws cognito service for authentication with Unity3D. I wonder whether there is security problem if 'identity-pool id' is hardcoded to script. For the security, how do deveopers implement? Is there anybody to suggest?
回答1:
If you plan on releasing the source code, exposing identities and authentication information is a bad idea.
What you could do is make your code to fetch the Identity Pool ID from a separate file and commit that file that has the connection string, or in this case, your Identity Pool ID - but commit it with a template ID. Not the real one. After you've committed it you can use .gitignore to ignore that file and then change it to the real ID.
This way no one will see your ID, it's easy to manage and easy for others that are Forking/cloning your project understand what they need to do.
This is also a good practice if you, for instance, work together and everyone is for instance using a personal license or similar.
来源:https://stackoverflow.com/questions/40777433/hard-coding-identity-pool-id-for-aws-cognito-is-dangerous-in-security