Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vanik Khachatryan2018-04-08 18:52:43
Socket.io
Vanik Khachatryan, 2018-04-08 18:52:43

How to protect Socket.io from client injection?

How to make sure that the client cannot call and edit anything through a simple browser console, and protect it from connecting from other sites?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
K
Koteezy, 2018-04-09
@VaniXac

No way. But you can change the subscription data, for example, if you have a channel:
App.User.{userId}
Instead of a user ID, use some hash that will change every few hours. Thus, it is impossible to avoid unauthorized connection to the room, but this will somewhat complicate the process of random connection to rooms.

Report
S
SagePtr, 2018-04-08
@SagePtr

Nothing, everything that a browser can do, the client can do, pretending to be a browser

Report
V
Viktor, 2018-04-09
@Levhav

To protect against connections from other sites, check the Origin header. Of course it can be faked. But regular browsers don't allow modifying this header from JavaScript

Similar questions
T
toddbarry2016-08-10 17:21:04
What are the differences between nginx, tornado, cowboy, node.js? 2Reply
J
jenya77712019-01-17 22:34:25
Why is data not being passed from the Socket.io middleware? 1Reply
A
Albirlak2020-10-30 20:37:27
How to listen to socket.io events of someone else's site? 2Reply
A
Alino4ka2016-09-05 04:09:13
How to implement connection persistence? 2Reply
C
codeZlo2019-02-06 20:19:20
How to properly install SSL certificate with Node.js script (Socket.io)? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question