Menu
My app initializes PubNub with a hard-coded subkey and pubkey, then subscribes/publishes to a channel. How can I prevent someone from reverse engineering my app, collecting the sub/pub keys, and publishing garbage information to my channels?
597
There is no absolute way to hide your keys but you can manage how authenticated users access (use) your keys. PubNub's Access Manager provides a means for you to implement permissions that are granted to a auth-key for the channels that an end user will need to access (publish, subscribe, etc).
Permissions are read (subscribe and query), write (publish and update) and manage (add channels to channel groups). You will grant these permissions for each channel and channel group that the end user will need to work with and the auth-key you provide to the end user will be a parameter in the PubNub initialization which will be passed to PubNub with every PubNub operation invoked by that end user.
The above is a bit high level but this is a thorough discussion about hiding keys/managing access between Stephen Blum (@PubNub) and Phil Leggetter (@leggetter) - both respected and prominent thought leaders in the realtime data stream network space among other areas.
195
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
