You want to secure the PubNub subscriber key and the channel name too. With fine-grained read and write access control at the per-connection level, you can provide authorization and access control to users, devices and channels.
Good part: with PubNub Access Management and ACLs you can prevent someone from setting up their own PubNub client and receiving the notifications without any authorization.
This is done with a PubNub auth_key, which is an authenticated access token managed by your servers. Essentially you want to mitigate and prevent subscription sharing for your valuable data on a PubNub Data Stream.
You must treat your PubNub auth_key the same as you would a secret intended only for the user. This is like a session key/ID that allows access to a data stream, similar to the way Netflix, Spotify, Facebook and Gmail provide a secure access layer.
This is what your JavaScript should look like for safe access controls.
Whoa, note: there are no access keys stored in the JavaScript file.
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
// Get User Access Keys from Your Server
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
// get_user_access() stands for your own helper: it calls your login
// endpoint and hands the user's subscribe_key, auth_key and channels
// to the callback.
console.log('getting user login information');
get_user_access( 'https://myservers.com/user/login/', function(user) {
    var pubnub = PUBNUB({
        subscribe_key : user.subscribe_key,
        auth_key      : user.auth_key
    });
    ready( pubnub, user );
} );
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
// Data Stream Connection Ready to Start
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
function ready( pubnub, user ) {
    console.log('ready to subscribe to data stream channel');
    pubnub.subscribe({
        channel : user.channels,
        message : receiver
    });
}
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
// Data Stream Payloads Received
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
function receiver(data) {
    console.log('received secure data payload');
}
What if a user is logging in twice or opens more than one PubNub Data Stream connection?
If you detect abuse, you can revoke access instantly with the pubnub.revoke() command.
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
// Revoke Access from Your Server
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
pubnub.revoke({
    channel  : 'CHANNEL_NAME',
    auth_key : 'BAD_APPLE_AUTH_KEY',
    callback : function(m) { console.log(m); }
});
Secure PubNub Subscriber Key and Channel Name by Securing Data Streams on PubNub with ACL / Access Management
Also, if you are using Node.js for Access Management control, we have a fun community forum post for you that describes mass grants at a reasonable speed using PubNub Access Manager with Node.js for both good and for awesome.
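The server side of the login and revoke flow described above, as an added Node.js example that is not PubNub's code or part of the original post: it issues one random auth_key per login and revokes the oldest key when the same user opens more sessions than allowed. The names createAccessRegistry, maxSessions and the injected grant/revoke functions are assumptions standing in for the SDK's server-side grant and revoke calls; the read-only grant is also an assumption.

```javascript
// Added example, not PubNub code. grant/revoke are injected stand-ins for the
// server-side pubnub.grant()/pubnub.revoke() calls made by your own server.
const crypto = require('crypto');

function createAccessRegistry({ subscribeKey, grant, revoke, maxSessions = 1 }) {
  const sessions = new Map(); // userId -> [{ authKey, channels }], oldest first
  const drop = (s) => {
    s.channels.forEach((channel) => revoke({ channel, auth_key: s.authKey }));
    return s.authKey;
  };
  return {
    // Call only after the user has passed your own login check.
    login(userId, channels) {
      const list = sessions.get(userId) || [];
      // One unguessable key per session, never one per app or per user.
      const authKey = crypto.randomBytes(32).toString('hex');
      channels.forEach((channel) =>
        grant({ channel, auth_key: authKey, read: true, write: false }));
      list.push({ authKey, channels: channels.slice() });
      // Over the limit means a duplicated or shared login: cut off the oldest.
      const revoked = [];
      while (list.length > maxSessions) revoked.push(drop(list.shift()));
      sessions.set(userId, list);
      // Field names match what the page's client code reads from `user`.
      return { subscribe_key: subscribeKey, auth_key: authKey, channels, revoked };
    },
    logout(userId, authKey) {
      const list = sessions.get(userId) || [];
      list.filter((s) => s.authKey === authKey).forEach(drop);
      sessions.set(userId, list.filter((s) => s.authKey !== authKey));
      return sessions.get(userId).length !== list.length;
    },
    activeKeys: (userId) => (sessions.get(userId) || []).map((s) => s.authKey)
  };
}

// Constructed demo: the same user logs in from two places.
function demo() {
  const calls = [];
  const registry = createAccessRegistry({
    subscribeKey: 'sub-c-PLACEHOLDER',
    grant: (g) => calls.push(['grant', g.channel, g.auth_key]),
    revoke: (r) => calls.push(['revoke', r.channel, r.auth_key])
  });
  const first = registry.login('alice', ['alerts.alice']);
  const second = registry.login('alice', ['alerts.alice']);
  return { first, second, calls, active: registry.activeKeys('alice') };
}
```

Raising maxSessions allows a user several devices at once while still capping how far one login can be shared.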