Socket.io
Vanik Khachatryan, 2018-04-08 18:52:43

How to protect Socket.io from client injection?

How to make sure that the client cannot call and edit anything through a simple browser console, and protect it from connecting from other sites?


3 answer(s)
Koteezy, 2018-04-09
@VaniXac

No way. But you can change the subscription data, for example, if you have a channel:
App.User.{userId}
Instead of a user ID, use some hash that will change every few hours. Thus, it is impossible to avoid unauthorized connection to the room, but this will somewhat complicate the process of random connection to rooms.

SagePtr, 2018-04-08
@SagePtr

Nothing. Everything that a browser can do, the client can do, pretending to be a browser.

Viktor, 2018-04-09
@Levhav

To protect against connections from other sites, check the Origin header. Of course, it can be faked. But regular browsers don't allow modifying this header from JavaScript.
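
The Origin check mentioned in the answers above, as an added example that is not part of the original thread: an exact-match allowlist that rejects look-alike hosts, written in the shape of Socket.io's `allowRequest(req, callback)` server option. The hostnames and `ALLOWED_ORIGINS` are constructed placeholders, and rejecting requests with no Origin header is an assumed policy.

```javascript
// Added example: exact-match Origin allowlist for the Socket.io handshake.
// ALLOWED_ORIGINS and all hostnames are constructed placeholders.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com:8443',
]);

// Reduce an Origin header value to scheme://host[:port]; null if unusable.
function normalizeOrigin(header) {
  // Missing header and the literal "null" origin (sandboxed frames,
  // file: pages) are rejected here; that is an assumed policy.
  if (typeof header !== 'string' || header === '' || header === 'null') return null;
  let url;
  try {
    url = new URL(header);
  } catch {
    return null;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  // A genuine Origin value carries no path, query, fragment or credentials.
  if (url.pathname !== '/' || url.search || url.hash) return null;
  if (url.username || url.password) return null;
  return url.origin; // host lower-cased, default port dropped
}

// Compare the whole origin, never a substring or suffix, so that
// "https://app.example.com.evil.test" does not pass.
function isAllowedOrigin(header) {
  const origin = normalizeOrigin(header);
  return origin !== null && ALLOWED_ORIGINS.has(origin);
}

// Same signature as Socket.io's `allowRequest` option: callback(err, success).
// Wiring (assumed setup): new Server(httpServer, { allowRequest })
function allowRequest(req, callback) {
  callback(null, isAllowedOrigin(req.headers.origin));
}
```

This only filters browsers that send an honest Origin header; as the answers say, a non-browser client can set any value, so per-connection authentication and server-side authorization of every event are still required.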
