What stops malicious users from getting my BRANCH_KEY in my javascript source code

自闭症网瘾萝莉.ら submitted on 2020-06-17 09:36:45

Question


I might be missing something here, but since Branch.IO's Web SDK must run in a browser, it exposes my BRANCH_KEY to the user. So what is stopping the user from opening up the source, finding the key and then initializing their own branch and abusing my account by sending SMS messages? Normally if I were worried about exposing an API key I would just handle the API request server side - but Branch.IO doesn't seem to have a Node/Server side SDK to use.

EDIT: This is even worse than a malicious user spamming your pre-crafted text messages. I've managed to prove that a malicious user can change the redirect URL links in your text message SOLELY through using the PUBLIC KEY.

Source: https://stackoverflow.com/questions/61760936/what-stops-malicious-users-from-getting-my-branch-key-in-my-javascript-source-co
