开发者

Socket.io Security Issues

开发者 https://www.devze.com 2023-04-05 16:26 出处:网络
I\'m wondering how I could secure my socket.io connection to the server from th following. Security Issues:

I'm wondering how I could secure my socket.io connection to the server from th following.

Security Issues:

  • What would stop malicious users from connecting to the socket server via client side code?

Example:

OUTSIDE DOMAIN REQUEST var socket = io.connect('http://Mydomain', {port: 4000});
  • Users 开发者_StackOverflowcan seemingly create thousands of concurrent connections just by opening a different browser window.

How can I prevent these issues?


You should be able to check serverside that the HTTP referrer is correct. Check the socket.io spec for info on both http referring as well as handshaking.

https://github.com/socketio/socket.io-protocol

Also 0.8 has referrer verification. Havent used it before, but this may be a place to start looking:

https://github.com/LearnBoost/socket.io/pull/481


Well, if your (real) clients are coming from a well know location, you'd probably want to to block everyone else at the firewall level. Assuming your service is available to everyone, you can probably look into client-server handshake mechanism.

0

精彩评论

暂无评论...
验证码 换一张
取 消