Is it possible in any way for a photon to check from which device a posted event is coming, other than having it encoded in event name or data fields? ie. is there some additional meta send along with the post to subscribed devices, which is for example available for webhooks?
context:
for a freshman course (Design Engineering for Physics Students) I’m teaching that had to move to an online / at home format because of the corona measures, we are building a de-centralised Rube Goldberg machine where each student group makes a part of the machine at home, that get’s triggered by an online signal and in the end, they hand off the signal to the next group.
given my students, there is a fair chance some of them will try to “troll” by posting events to trigger other groups before their time, thus breaking the chain.
I could, in theory, work with random strings for both topic and data, which I hand out to individual groups, so they don’t know what topic to listen to for the other groups. However, for overview and simplicity of the entire endeavour, it would be easier if they all could subscribe to the same topic, but than only react of a message comes from my central device.
I (don’t think) I can work with products, since they need the freedom to upload their own code to the Photon…
However, for the firmware on the device this is not as straight forward. Originally ther was a version of Particle.subscribe() planned that only reacts events of a specific device.
This feature was then burried but now I see it "reappearing" in CLI
thanks! That is interesting, so the message send from the server to all subscribers must contain the ID of the original device if the CLI can filter on it (right?)!
The webhook only allows you to subscribe / react to your own devices (if I’m correct) and in my use case my students will “own” their device on their own account…
interesting! I checked with my second account and this is a way to get the ID of a device you do not own.
(I got a personal account for tinkering at home and a second one for all the devices I use for education)
Not sure if that constitutes a security risk.
It does mean that device ID of sending device is available at the photon at some point, just not (as far as I can see) in the current implementation of Particle.subscribe().
This is when you send an event PUBLIC (which unfortunaltely is the default when not providing the scope parameter - although that should have been changed with 0.8.0 and 1.0.0 respectively)
Hence you will find multile posts in this forum where we encourage people to explicitly state that an event is meant to be PRIVATE.
However, someone knowing your device ID is not considered a noteworthy security risk.