LocalBroadcastManager 和可能的安全相关问题
LocalBroadcastManager and possible security related issues
以下是我打算如何做的事情:
我有我的 Activity,我在其中注册了 BroadcastReceiver
private LocalBroadcastManager localBroadcastManager;
private BroadcastReceiver broadcastReceiver = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
//handle received data
}
}
@Override
protected void onCreate(Bundle savedInstanceState) {
....
LocalBroadcastManager = LocalBroadcastManager.getInstance(context);
IntentFilter intentFilter = new IntentFilter();
intentFilter.addAction(ACTIVITY);
localBroadcastManager.registerReceiver(broadcastReceiver, intentFilter);
}
我有一个 IntentService 可以从网络上获取数据并进行处理。在下载数据和处理完成期间,服务通过发送广播消息通知 activity 它正在做什么。下载数据和处理可能需要一段时间,具体取决于数据的大小。例如,最多可能需要 20 分钟。
localBroadcastManager.sendBroadcast(new Intent(ACTIVITY).putExtra(ACTION, value));
通过在服务的 onStartCommand 中注册接收者,activity 将类似的方法用于向 IntentService 发送消息。
这已经过测试并且工作正常。我已经阅读了有关全局 BroadcastManager 和 LocalBroadcastManager 的信息,我担心这种方法的安全性。请记住,我的需求与服务和 activity 之间的通信严格相关,在这两种方式中,主要使用可打包对象。
我的问题是:
使用 LocalBroadcastManager 将数据从服务发送到 activity 会出现哪些安全问题?是否存在数据可能泄露给其他应用程序的情况? LocalBroadcast 真的是本地的吗?处理后的数据是私有的,这就是我担心的原因。
服务与activity之间是否有更优化的通信方式?
What security issues could arise by sending the data from the service
to activity using LocalBroadcastManager? Are there any situations
where the data may leak to another app? Is LocalBroadcast really
local? The processed data is private and that is why I have my
concerns.
广播仅限于您应用程序的进程。不用担心。
Is there a more optimal way of communication between service and
activity?
另一种方法是对服务进行投标并注册一个委托人。我宁愿坚持 LocalbroadcastManager
- 正如 documentation 所说:
This has a number of advantages over sending global broadcasts with
sendBroadcast(Intent):
You know that the data you are broadcasting won't leave your app, so
don't need to worry about leaking private data.
It is not possible for
other applications to send these broadcasts to your app, so you don't
need to worry about having security holes they can exploit.
It is more
efficient than sending a global broadcast through the system.
- 有一种更高级的方法可以在服务和活动之间建立联系:Service Binding(另请查看附加说明!)
对于 Intent,您只能使用 Bundle 在 activity 和服务之间传递数据,而对于绑定,情况并非如此。
以下是我打算如何做的事情:
我有我的 Activity,我在其中注册了 BroadcastReceiver
private LocalBroadcastManager localBroadcastManager;
private BroadcastReceiver broadcastReceiver = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
//handle received data
}
}
@Override
protected void onCreate(Bundle savedInstanceState) {
....
LocalBroadcastManager = LocalBroadcastManager.getInstance(context);
IntentFilter intentFilter = new IntentFilter();
intentFilter.addAction(ACTIVITY);
localBroadcastManager.registerReceiver(broadcastReceiver, intentFilter);
}
我有一个 IntentService 可以从网络上获取数据并进行处理。在下载数据和处理完成期间,服务通过发送广播消息通知 activity 它正在做什么。下载数据和处理可能需要一段时间,具体取决于数据的大小。例如,最多可能需要 20 分钟。
localBroadcastManager.sendBroadcast(new Intent(ACTIVITY).putExtra(ACTION, value));
通过在服务的 onStartCommand 中注册接收者,activity 将类似的方法用于向 IntentService 发送消息。
这已经过测试并且工作正常。我已经阅读了有关全局 BroadcastManager 和 LocalBroadcastManager 的信息,我担心这种方法的安全性。请记住,我的需求与服务和 activity 之间的通信严格相关,在这两种方式中,主要使用可打包对象。
我的问题是:
使用
LocalBroadcastManager将数据从服务发送到 activity 会出现哪些安全问题?是否存在数据可能泄露给其他应用程序的情况? LocalBroadcast 真的是本地的吗?处理后的数据是私有的,这就是我担心的原因。服务与activity之间是否有更优化的通信方式?
What security issues could arise by sending the data from the service to activity using LocalBroadcastManager? Are there any situations where the data may leak to another app? Is LocalBroadcast really local? The processed data is private and that is why I have my concerns.
广播仅限于您应用程序的进程。不用担心。
Is there a more optimal way of communication between service and activity?
另一种方法是对服务进行投标并注册一个委托人。我宁愿坚持 LocalbroadcastManager
- 正如 documentation 所说:
This has a number of advantages over sending global broadcasts with sendBroadcast(Intent):
You know that the data you are broadcasting won't leave your app, so don't need to worry about leaking private data.
It is not possible for other applications to send these broadcasts to your app, so you don't need to worry about having security holes they can exploit.
It is more efficient than sending a global broadcast through the system.
- 有一种更高级的方法可以在服务和活动之间建立联系:Service Binding(另请查看附加说明!)
对于 Intent,您只能使用 Bundle 在 activity 和服务之间传递数据,而对于绑定,情况并非如此。