pubnub清除消息给#c; chipered"渠道

时间:2014-10-28 21:17:03

标签: encryption pubnub

新的PubNub并对它感兴趣。尝试一些简单的例子来理解

from Pubnub import Pubnub
import sys

SUB_KEY = "xxxxxxxxxx"
PUB_KEY = "yyyyyyyyyy"
CHIPER_KEY = "zzzzzzzzz"
channel = 'hello_world'


pubnub = Pubnub(publish_key=PUB_KEY, subscribe_key=SUB_KEY, cipher_key=CHIPER_KEY,ssl_on=True)

# Listen for Messages
def callback(message, channel):
    try:
       if message == "":
            print ("message not valid")
       else:
            print(message)
            if message['text'] == "close":
                pubnub.unsubscribe(channel=channel)
    except:
        print ("xxx")

def error(message):
    print("ERROR : " + str(message))


def connect(message):
    print("CONNECTED")


def reconnect(message):
    print("RECONNECTED")


def disconnect(message):
    print("DISCONNECTED")

try:
    pubnub.subscribe(channel, callback=callback, error=error, connect=connect, reconnect=reconnect, disconnect=disconnect)
except:
    print "Unexpected error:", sys.exc_info()[0]

我有这个简单的服务器订阅频道并打印出收到的消息。 现在我已经启用了加密功能,在一种情况下,一切工作都更精细,在第二种情况下,它不起作用。更多细节

想象一下,恶意用户可以抓住我的PUB_KEY和频道名称,他可以将消息发布到我的频道。但是,他不知道我的CHIPER_KEY(这不是在任何地方托管,我已经生成并控制它)

在这种情况下我的服务器崩溃:

Exception in thread Thread-2:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 552, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 505, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/usr/local/lib/python2.7/dist-packages/Pubnub.py", line 1281, in run
    _invoke(self.pubnub.latest_sub_callback['callback'], data)
  File "/usr/local/lib/python2.7/dist-packages/Pubnub.py", line 1254, in _invoke
    func(get_data_for_user(data))
  File "/usr/local/lib/python2.7/dist-packages/Pubnub.py", line 1074, in sub_callback
    _invoke(chobj['callback'], self.decrypt(r),
  File "/usr/local/lib/python2.7/dist-packages/Pubnub.py", line 544, in decrypt
    message = self.pc.decrypt(self.cipher_key, message)
  File "/usr/local/lib/python2.7/dist-packages/Pubnub.py", line 156, in decrypt
    plain = self.depad(cipher.decrypt(decodestring(msg)))
  File "/usr/lib/python2.7/base64.py", line 321, in decodestring
    return binascii.a2b_base64(s)
TypeError: must be string or buffer, not dict

我的理解是,这是失败的,因为收到的消息(明文)是dict而pubnub.py调用的binascii.a2b_base64(s)期望一个字符串(如果消息被加密是一个字符串)

知道如何克服这个问题吗?

非常感谢 安东尼奥

1 个答案:

答案 0 :(得分:0)

它肯定不会在密文上崩溃,这就是一个错误,我们会尽快解决它!

与此同时,为了减少用户获取您的发布密钥,您可以使用PAM进一步确定对渠道的发布(或订阅访问):

https://github.com/pubnub/python/tree/master/python#grant

有关PAM和PubNub安全性的更多信息,请参阅此处:http://www.pubnub.com/docs/java/android/overview/security.html

geremy

相关问题
最新问题