Reputation: 1640
Now.js and secure
i've made some chat application in Node.js with now.js. And now I think up about something. There are two files.. server.js, and client.js and everyone can steal client.js file and run it on another hosting to get benefits of my server.js work. How can I prevent it?
This is about that client.js connect with host by domain and port:
window.now = nowInitialize("http://address.com:6564");
How make it more secure, for example only clients (js files) from my host(address.com) can connect with my host.
Upvotes: 0
Views: 252
Answers (2)
Reputation: 3665
If your concern is that other servers can use your server with the client code: this should not be an issue because of the Same Origin Policy. Only if your server specifically allows it, will clients from other hosts be able to communicate with it.
Just try it out from a different domain name (or even localhost): you will see your browser won't let you make cross-domain requests.
(As an example, you can see this StackOverflow post were a user could not get Socket.IO working over different host/post combinations.)
UPDATE
It would work like this:
Upvotes: 3
Reputation: 2502
How does your users get authentified into you chat? Is there a registration or anything?
Maybe a token or a secure key would do it? Or a secure cookie ( sorry ... but at least invisible to the user ) with the said token? And without a token you couldn't access your services?
Upvotes: 0