显示 sso 密钥是安全问题吗?
[英]Is showing the sso key a security issue?
问题描述
I realized that when we access the URL https://cdns.gigya.com/js/gigya.js?apikey=MY_API_KEY
我意识到当我们访问 URL https://cdns.gigya.com/js/gigya.js?apikey=MY_API_KEY
A SSO KEY is shown, along with baseDomains显示 SSO KEY 以及baseDomains
Are these values something an attacker can exploit?这些值是攻击者可以利用的吗?
Thanks.谢谢。
2 个解决方案
解决方案1
0 2020-10-28 07:52:47
答案必须是三十个字符:答案是“否”。
解决方案2
0 2022-05-31 12:49:05
Gigya API keys are public keys. Gigya API 密钥是公钥。 An attacker can not do anything with the Gigya API keys because even in the case of trying to use them in a Frontend, it won't work because of the domain must be allow-listed in Gigya.攻击者无法使用 Gigya API 密钥做任何事情,因为即使尝试在前端使用它们,它也不会起作用,因为域必须在 Gigya 中列入允许列表。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.