科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>javascript - how to hide pubnub keys when using JS - Stack Overflow

    javascript - how to hide pubnub keys when using JS - Stack Overflow

    programmeradmin2浏览0评论

    I opened a ticket in pubnub and also read:

    But I still can't understand how can I stop the user from seeing my keys as it is still on client side even after obfuscation.

    What I want to do is something I read in this post: PubNub publish message between two Private Channels

    1. Create a public channel and a private the channel for each user
    2. Hide the keys from the user

    I'm not sure how to create a private channel with custom keys that the user can't see.

    EDIT: I was able to understand the flow of auth_key but can't find the php equivalency for the JS crypto lib to grant permission. any idea on how to implement it in PHP?

    I opened a ticket in pubnub and also read: https://help.pubnub./entries/22251291-Can-I-Hide-my-Application-Keys-

    But I still can't understand how can I stop the user from seeing my keys as it is still on client side even after obfuscation.

    What I want to do is something I read in this post: PubNub publish message between two Private Channels

    1. Create a public channel and a private the channel for each user
    2. Hide the keys from the user

    I'm not sure how to create a private channel with custom keys that the user can't see.

    EDIT: I was able to understand the flow of auth_key but can't find the php equivalency for the JS crypto lib to grant permission. any idea on how to implement it in PHP?

    • javascript
    • php
    • mysql
    • publish-subscribe
    • pubnub
    Share Improve this question edited May 23, 2017 at 11:54 CommunityBot 11 silver badge asked Jan 12, 2014 at 8:19 Danny ValariolaDanny Valariola 1,1185 gold badges26 silver badges41 bronze badges 1
    • We are working on a PHP $pubnub->grant() and $pubnub->revoke() lib and will be ready later today or early tomorrow. – Stephen Blum Commented Jan 14, 2014 at 22:50
    Add a ment  | 

    2 Answers 2

    Reset to default 6

    You can't hide keys that are transmitted to the client and are accessible in JavaScript.

    However, what you can do is restrict who can read and write to channels by using an auth_key along with your publish and subscribe keys. PubNub recently released the PubNub Access Manager to enable this. The auth_key will be specific to each user.

    1. The users auth_key will allow that user to read and write to their own private channel. You will need to set permissions so that nobody else will be able to read or write to this channel.
    2. The users auth_key will give them permission to read and write to their own public channel. Others can read, but cannot write to this channel.

    Details on exactly how to do this should probably be asked in another question. The PAM getting started guide should be the best place to start.

    Hiding Your API Keys with PubNub JS SDK

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论