Socket.io Security Issues

Problem

I'm wondering how I could secure my socket.io connection to the server from the following.

Security Issues:

  • What would stop malicious users from connecting to the socket server via client side code?

    Example:

        // OUTSIDE DOMAIN REQUEST
        var socket = io.connect('http://Mydomain', {port: 4000});

  • Users can seemingly create thousands of concurrent connections just by opening a different browser window.

How can I prevent these issues?

Problem courtesy of: Trevor

Solution

You should be able to check server-side that the HTTP referrer is correct. Check the socket.io spec for info on both http referring as well as handshaking.

https://github.com/socketio/socket.io-protocol

Also 0.8 has referrer verification. Haven't used it before, but this may be a place to start looking:

https://github.com/LearnBoost/socket.io/pull/481

Solution courtesy of: wesbos
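
An added example, not part of the original answer or of socket.io's own code: a handshake gate that applies the server-side origin/referrer check suggested above and, for the second issue in the question, caps live connections per client address. The function names, the limit, and the handshake shape (`headers`, `address`) are assumptions modeled on socket.io's handshake data. Only browsers set `Origin`/`Referer` reliably, and other clients can send any value, so the cap is enforced independently of the origin check.

```javascript
// Added example: Origin allowlist + per-address connection cap.
// makeHandshakeGate, admit and release are hypothetical names.
function makeHandshakeGate({ allowedOrigins, maxPerAddress }) {
  const allowed = new Set(allowedOrigins.map(normalizeOrigin));
  const open = new Map(); // address -> number of live connections

  function normalizeOrigin(value) {
    try {
      return new URL(value).origin; // scheme + host + port, path dropped
    } catch (err) {
      return null; // header missing or malformed
    }
  }

  return {
    // Call during the handshake, before the connection is accepted.
    admit(handshake) {
      const headers = handshake.headers || {};
      const origin = normalizeOrigin(headers.origin || headers.referer);
      if (origin === null || !allowed.has(origin)) {
        return { ok: false, reason: 'origin' };
      }
      const count = open.get(handshake.address) || 0;
      if (count >= maxPerAddress) {
        return { ok: false, reason: 'limit' };
      }
      open.set(handshake.address, count + 1);
      return { ok: true };
    },
    // Call from the disconnect handler so the slot is freed.
    release(address) {
      const count = open.get(address) || 0;
      if (count <= 1) open.delete(address);
      else open.set(address, count - 1);
    },
  };
}

// Constructed sample handshakes (not captured traffic).
function demo() {
  const gate = makeHandshakeGate({ allowedOrigins: ['http://mydomain:4000'], maxPerAddress: 2 });
  const good = { headers: { origin: 'http://Mydomain:4000' }, address: '203.0.113.7' };
  const foreign = { headers: { referer: 'http://other.example/page.html' }, address: '203.0.113.8' };
  return [gate.admit(foreign), gate.admit(good), gate.admit(good), gate.admit(good)]
    .map((r) => (r.ok ? 'ok' : r.reason));
}
```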


This post first appeared on Node.js Recipes, please read the original post: here
