Enhancing Security in a now.js/socket.io chat

Front-end  Unresolved  1  1100
滥情空心
滥情空心 2021-02-10 00:40

A chat with nowjs or socket.io is one of the easiest exercises you can perform with them. I want to implement a multi-room chat (with a non-fixed number of rooms and logged user

1 answer
    闹比i (OP)
    2021-02-10 00:56

    Man-in-the-middle is certainly a consideration. The biggest security issue, though, would be XSS.

    This useful SO thread suggests:

    1. socket.io 0.8 has referrer verification built in
    2. if chat is from known origin, block superfluous connections at the firewall

    This very informative article suggests:

    1. don't trust the client
    2. use SSL encryption
    3. check the origin
    4. prevent XSS (sanitize client input!)
    5. don't assume it's a browser

    This useful thread says to set secure:true on socket.io.connect(...)

    I'd recommend taking all those suggestions :)

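The "check the origin" and "sanitize client input" points from the answer above, as an added example that is not part of the original post or of socket.io itself: plain Node.js helpers that validate and HTML-escape an inbound chat event before it is broadcast, with the socket.io wiring shown only as a comment. The allowlisted origin, the room-name pattern and the length cap are constructed sample values.

```javascript
// Allowed origins for the chat front-end (constructed sample value).
const ALLOWED_ORIGINS = new Set(['https://chat.example.com']);
const MAX_MESSAGE_LENGTH = 500;              // assumed cap, not from the post
const ROOM_NAME = /^[a-z0-9_-]{1,32}$/;       // assumed room-name format

// Escape the five HTML-significant characters so a message is rendered as
// text, never as markup, when the client inserts it into the page.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')   // must run first so later entities stay intact
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Origin check: exact match against the allowlist. A missing Origin header
// (non-browser client, or a client that stripped it) is rejected, which is
// the "don't assume it's a browser" point in practice.
function isAllowedOrigin(origin) {
  return typeof origin === 'string' && ALLOWED_ORIGINS.has(origin);
}

// Validate and sanitize one inbound chat event. Returns { ok: true, room, text }
// with text safe to broadcast, or { ok: false, reason } if it must be dropped.
function processIncoming(origin, event) {
  if (!isAllowedOrigin(origin)) return { ok: false, reason: 'bad-origin' };
  if (!event || typeof event !== 'object') return { ok: false, reason: 'bad-shape' };
  const { room, text } = event;
  if (typeof room !== 'string' || !ROOM_NAME.test(room)) return { ok: false, reason: 'bad-room' };
  if (typeof text !== 'string') return { ok: false, reason: 'bad-text' };
  const trimmed = text.trim();
  if (trimmed.length === 0 || trimmed.length > MAX_MESSAGE_LENGTH) {
    return { ok: false, reason: 'bad-length' };
  }
  return { ok: true, room, text: escapeHtml(trimmed) };
}

// How this would hang off a socket.io server (assumed wiring, not run here):
//   io.on('connection', (socket) => {
//     const origin = socket.handshake.headers.origin;
//     socket.on('chat', (event) => {
//       const r = processIncoming(origin, event);
//       if (r.ok) io.to(r.room).emit('chat', { room: r.room, text: r.text });
//       // else: count/log r.reason; a burst of 'bad-origin' is worth an alert
//     });
//   });
```

Server-side escaping only helps if the client inserts the broadcast text as HTML; a client that assigns it via `textContent` is safe regardless, and doing both is the defence-in-depth position.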