Reputation: 15
Is it dangerous to establish WebSocket connection in a js file?
So, basically, I have this code :
let socket = new WebSocket('ws://localhost:8080/server.php');
socket.onopen = () => {
console.log('connection established !');
}
I use this code to establish a connection for a Real-Time Quiz. But after going to the Sources page of my inspector, I can see the whole javascript code in my browser, including ws://localhost:8080/server.php. Is it dangerous to show it (unintentionally) ? If someones creates a script and puts in it the same url (not localhost, it's just an example), can he receive/send data to the server ?
Upvotes: 1
Views: 95
Answers (1)
Reputation: 86
yes,it is dangerous. u can:
verify the client http request header for example 'Origin'. make sure the client website is the right client website.
use a TSL websocket service, visit to the server over SSL. So the protocol is changing to: wss://
give the client a request token, put this token in header or in post data, the server verify this token.
check the request times of a client in limited time. make sure a specific client won't request too frequently
Upvotes: 1
Related Questions
- PHP websocket server and JavaScript connection
- What are the security issues around an open websocket connection?
- Is this WebSockets approach correct?
- Can I use webSockets on my php web app?
- node.js and javascript websockets communication
- Are websockets suitable for use with PHP?
- are websockets secure or not?
- Is it a bad practice to send HTML over an WebSocket connection
- WebSockets... Are they unsafe?
- Websockets, socket.io, nodejs, and security