I'm wondering how I could secure my socket.io connection to the server from th following.
Security Issues:
- What would stop malicious users from connecting to the socket server via client side code?
Example:
OUTSIDE DOMAIN REQUEST var socket = io.connect('http://Mydomain', {port: 4000});
- Users can seemingly create thousands of concurrent connections just by opening a different browser window.
How can I prevent these issues?
asked Sep 16, 2011 at 21:12
Trevor
1,4056 gold badges20 silver badges32 bronze badges
-
look at github.com/LearnBoost/socket.io/wiki/Authorizing and inspect user's address (ip) and header request via socket.handshake or global authorizeKing Friday– King Friday2012年10月01日 00:31:13 +00:00Commented Oct 1, 2012 at 0:31
2 Answers 2
You should be able to check serverside that the HTTP referrer is correct. Check the socket.io spec for info on both http referring as well as handshaking.
https://github.com/socketio/socket.io-protocol
Also 0.8 has referrer verification. Havent used it before, but this may be a place to start looking:
Musa Haidari
2,2836 gold badges34 silver badges54 bronze badges
answered Sep 17, 2011 at 1:00
wesbos
26.4k31 gold badges109 silver badges144 bronze badges
Sign up to request clarification or add additional context in comments.
1 Comment
Trevor
Thanks, but what if there are multiple connections from the same user?
Well, if your (real) clients are coming from a well know location, you'd probably want to to block everyone else at the firewall level. Assuming your service is available to everyone, you can probably look into client-server handshake mechanism.
Comments
lang-js