Node.js
lgick, 2014-05-26 15:13:15

Security in websockets. Is it possible to filter all connections at the handshake level and disable the attacker's attacks?

How to secure a ws connection?

1. Check origin.
Thus, you can prohibit connecting from different domains, protocols, etc.

But what if the connection is made from an allowed domain, but the packets are sent by an attacker?

How to do it:
Every browser has a console. Having entered it and being on an allowed page, you can create a new connection through it and send packets manually, thereby flooding the server, for example, with a syntactic attack.

How to avoid it?

You can check each message. Such a check would be carried out for each packet of each user. And if there are a lot of packets (an online game) and a lot of users, this creates additional load!
At the same time, if the project is open source, there is always the opportunity to delve into the sources and probably find a hole.

I think the most correct option is to filter connections at the time of the handshake.
But how exactly do I do that?

1 answer(s)
Timur Shemsedinov, 2014-05-27
@MarcusAurelius

What's the problem then?
https://github.com/Worlize/WebSocket-Node

ws.on('request', function(request) {
    // filter here
    if (...) request.reject();
});
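
An added example, not part of the original answer or of the WebSocket-Node project: one way to fill in the "filter here" step, going beyond the handshake with a constant-time per-connection token bucket, since the question notes that an origin check alone does not stop a client sending from an allowed page. The origin value, the limits and the function names are assumptions; `attach` expects a WebSocket-Node server instance.

```javascript
// Added example. Origin, limits and function names are assumptions.
const ALLOWED_ORIGINS = new Set(['https://game.example']); // constructed value
const MAX_CONN_PER_IP = 3;  // concurrent connections allowed per address
const BUCKET_SIZE = 20;     // burst of messages a connection may send
const REFILL_PER_SEC = 10;  // sustained messages per second
const connsPerIp = new Map();

// Handshake decision: null means accept, otherwise the HTTP status to reject with.
function checkHandshake(origin, ip) {
  if (!ALLOWED_ORIGINS.has(origin)) return 403;
  if ((connsPerIp.get(ip) || 0) >= MAX_CONN_PER_IP) return 429;
  return null;
}

// Token bucket: O(1) work per message, so the check itself adds little load.
function makeBucket(now) {
  return { tokens: BUCKET_SIZE, last: now };
}

function allowMessage(bucket, now) {
  const elapsedSec = (now - bucket.last) / 1000;
  bucket.tokens = Math.min(BUCKET_SIZE, bucket.tokens + elapsedSec * REFILL_PER_SEC);
  bucket.last = now;
  if (bucket.tokens < 1) return false;
  bucket.tokens -= 1;
  return true;
}

// Wire both checks into the 'request' event of a WebSocket-Node server.
function attach(wsServer) {
  wsServer.on('request', function (request) {
    const ip = request.remoteAddress;
    const status = checkHandshake(request.origin, ip);
    if (status !== null) { request.reject(status); return; }
    const connection = request.accept(null, request.origin);
    connsPerIp.set(ip, (connsPerIp.get(ip) || 0) + 1);
    const bucket = makeBucket(Date.now());
    connection.on('message', function (message) {
      // 1008 is the WebSocket "policy violation" close code.
      if (!allowMessage(bucket, Date.now())) { connection.drop(1008, 'rate limit'); return; }
      // Parse and validate message.utf8Data here before acting on it.
    });
    connection.on('close', function () {
      connsPerIp.set(ip, connsPerIp.get(ip) - 1);
    });
  });
}
```

The Origin header is only trustworthy for browser clients, so the per-address cap and the message budget are what bound a client that passes the origin check.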
