Trevor
Trevor

Reputation: 1385

Socket.io Security Issues

I'm wondering how I could secure my socket.io connection to the server from th following.

Security Issues:

Example:

OUTSIDE DOMAIN REQUEST var socket = io.connect('http://Mydomain', {port: 4000});

How can I prevent these issues?

Upvotes: 10

Views: 8218

Answers (2)

wesbos
wesbos

Reputation: 26317

You should be able to check serverside that the HTTP referrer is correct. Check the socket.io spec for info on both http referring as well as handshaking.

https://github.com/socketio/socket.io-protocol

Also 0.8 has referrer verification. Havent used it before, but this may be a place to start looking:

https://github.com/LearnBoost/socket.io/pull/481

Upvotes: 6

A.RG
A.RG

Reputation: 21

Well, if your (real) clients are coming from a well know location, you'd probably want to to block everyone else at the firewall level. Assuming your service is available to everyone, you can probably look into client-server handshake mechanism.

Upvotes: 0

Related Questions