Reputation: 1385
Socket.io Security Issues
I'm wondering how I could secure my socket.io connection to the server from th following.
Security Issues:
- What would stop malicious users from connecting to the socket server via client side code?
Example:
OUTSIDE DOMAIN REQUEST var socket = io.connect('http://Mydomain', {port: 4000});
- Users can seemingly create thousands of concurrent connections just by opening a different browser window.
How can I prevent these issues?
Upvotes: 10
Views: 8218
Answers (2)
Reputation: 26317
You should be able to check serverside that the HTTP referrer is correct. Check the socket.io spec for info on both http referring as well as handshaking.
https://github.com/socketio/socket.io-protocol
Also 0.8 has referrer verification. Havent used it before, but this may be a place to start looking:
https://github.com/LearnBoost/socket.io/pull/481
Upvotes: 6
Reputation: 21
Well, if your (real) clients are coming from a well know location, you'd probably want to to block everyone else at the firewall level. Assuming your service is available to everyone, you can probably look into client-server handshake mechanism.
Upvotes: 0
Related Questions
- New in Socket.io, How to prevent Socket.io client script hacking
- Authentication in Socket.io
- NodeJS and Socket.io
- Socket.IO Client Security
- How do I secure Socket.IO?
- Socket.io, Security and Multiplayer
- Socket.IO HTTP - How to Secure the Configuration
- How to secure socket.io in client side?
- node.js and socket.io
- JavaScript, node.js and security