amazon-archives / aws-cognito-angular-quickstart

An Angular(v5)-based QuickStart single-page app utilizing Amazon Cognito, S3, and DynamoDB (Serverless architecture)
https://cognito.budilov.com
Apache License 2.0

Is it safe to expose IDs in the source code? #29

Closed: speed-of-light closed this issue 7 years ago

speed-of-light commented 7 years ago

Hi, while checking the code, I see that some IDs are exposed in the file https://github.com/awslabs/aws-cognito-angular2-quickstart/blob/master/src/app/service/cognito.service.ts#L27-L29

Is this a good way to do this, or should there be a better implementation?

Thanks.

MichaelCPell commented 7 years ago

This is based in NG so I don't think there is any way around it. I believe the place to concern yourself with security is with the Roles assigned to your Cognito User Pool and Federated Identities.

vbudilov commented 7 years ago

@speed-of-light,

These IDs are safe to expose, especially since it's a JavaScript app and you can't hide them. What's not safe to expose are access keys: http://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html

Vladimir
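
An added example, not part of the thread or the project's code: a pre-deploy check over client-side source that applies the distinction drawn above, reporting Cognito pool IDs as public identifiers and treating an AWS access key ID as a blocking finding. The regular expressions, the function names and the sample source (including its variable names) are assumptions constructed for illustration; the key ID is the placeholder value used in AWS documentation.

```javascript
// Shapes of the values being classified (assumed from their commonly documented formats).
const REGION = "[a-z]{2}(?:-[a-z]+)+-\\d"; // e.g. us-east-1, ap-southeast-2
const PATTERNS = [
  // Long-term (AKIA) and temporary (ASIA) access key IDs: prefix + 16 characters.
  { kind: "access-key-id", secret: true, re: /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/g },
  // Cognito identity pool ID: <region>:<uuid>
  { kind: "identity-pool-id", secret: false,
    re: new RegExp(`\\b${REGION}:[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\\b`, "g") },
  // Cognito user pool ID: <region>_<alphanumerics>
  { kind: "user-pool-id", secret: false,
    re: new RegExp(`\\b${REGION}_[A-Za-z0-9]+\\b`, "g") },
];

// Return every match with its 1-based line number, ordered by position in the file.
function scanSource(source) {
  const findings = [];
  for (const { kind, secret, re } of PATTERNS) {
    for (const m of source.matchAll(re)) {
      const line = source.slice(0, m.index).split("\n").length;
      findings.push({ kind, secret, value: m[0], line });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Only these findings should fail a build: credentials, not identifiers.
function secretsOnly(findings) {
  return findings.filter((f) => f.secret);
}

// Constructed sample of a client-side config file.
const SAMPLE = [
  'export const region = "us-east-1";',
  'export const identityPoolId = "us-east-1:12345678-aaaa-bbbb-cccc-1234567890ab";',
  'export const userPoolId = "us-east-1_EXAMPLE01";',
  'const accessKeyId = "AKIAIOSFODNN7EXAMPLE"; // must never ship to a browser',
].join("\n");

for (const f of scanSource(SAMPLE)) {
  console.log(`${f.secret ? "BLOCK" : "ok   "} line ${f.line}: ${f.kind}`);
}
```

The pool IDs only identify which pool a client talks to; what an identity can do with them is decided by the IAM roles attached to the pool, which is where the second comment points.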