Socket.io Security Issues
I'm wondering how I could secure my socket.io connection to the server from the following.

Security Issues:

  • What would stop malicious users from connecting to the socket server via client side code?

Example (outside-domain request):

var socket = io.connect('http://Mydomain', {port: 4000});

  • Users can seemingly create thousands of concurrent connections just by opening a different browser window.

How can I prevent these issues?

Singultus answered 16/9, 2011 at 21:12 Comment(1)
Look at github.com/LearnBoost/socket.io/wiki/Authorizing and inspect the user's address (IP) and request headers via socket.handshake or the global authorize. (Discounter)

You should be able to check server-side that the HTTP referrer is correct. Check the socket.io spec for info on both HTTP referrers and handshaking.

https://github.com/socketio/socket.io-protocol

Also, 0.8 has referrer verification. Haven't used it before, but this may be a place to start looking:

https://github.com/LearnBoost/socket.io/pull/481

Seasickness answered 17/9, 2011 at 1:0 Comment(1)
Thanks, but what if there are multiple connections from the same user? (Singultus)

Well, if your (real) clients are coming from a well-known location, you'd probably want to block everyone else at the firewall level. Assuming your service is available to everyone, you can probably look into a client-server handshake mechanism.

Travis answered 16/9, 2011 at 23:38 Comment(0)
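The two answers above point at the same place: the server-side handshake. The following is an added example, not code from the thread or from the socket.io project, showing a handshake gate that (1) rejects connections whose Origin or Referer header is not on an allow-list, which addresses the "outside domain request" in the question, and (2) caps the number of concurrent connections per client IP, which addresses the "thousands of browser windows" concern. The gate is a pure factory (createGate) so it runs without socket.io; the allowed origin 'http://mydomain.example', the limit of 5, and the attach() wiring for the modern io.use() middleware are all assumptions of this example (the 0.x line discussed in the thread used io.set('authorization', fn) instead, as the linked wiki describes).

```javascript
'use strict';

// Return the scheme+host+port of a header value such as
// "http://a.example/page?x=1", or null if the header is missing or unparsable.
function originOf(headerValue) {
  if (typeof headerValue !== 'string' || headerValue === '') return null;
  try {
    return new URL(headerValue).origin;
  } catch (e) {
    return null; // e.g. the literal string "null" sent by sandboxed iframes
  }
}

// Build a handshake gate. State (connections per IP) is local to the gate and
// lives only in this process; a multi-process deployment needs shared storage.
function createGate(options) {
  const allowed = new Set(options.allowedOrigins);
  const maxPerIp = options.maxPerIp;
  const activeByIp = new Map();

  // `handshake` mirrors the shape of socket.handshake:
  //   { headers: { origin: '...', referer: '...' }, address: '1.2.3.4' }
  // Node lower-cases header names, hence `origin` and `referer`.
  // Returns { ok: true } or { ok: false, reason: '...' }; never throws.
  function authorize(handshake) {
    const headers = (handshake && handshake.headers) || {};
    const ip = (handshake && handshake.address) || 'unknown';

    // Browsers send Origin on WebSocket upgrades; older polling transports
    // may only carry Referer, so accept either but require at least one.
    const origin = originOf(headers.origin) || originOf(headers.referer);
    if (origin === null) return { ok: false, reason: 'missing origin/referer' };
    if (!allowed.has(origin)) return { ok: false, reason: 'origin not allowed: ' + origin };

    const current = activeByIp.get(ip) || 0;
    if (current >= maxPerIp) return { ok: false, reason: 'too many connections from ' + ip };
    activeByIp.set(ip, current + 1);
    return { ok: true };
  }

  // Call on disconnect of an authorized socket, or the per-IP count never drains.
  function release(handshake) {
    const ip = (handshake && handshake.address) || 'unknown';
    const current = activeByIp.get(ip) || 0;
    if (current <= 1) activeByIp.delete(ip);
    else activeByIp.set(ip, current - 1);
  }

  function active(ip) {
    return activeByIp.get(ip) || 0;
  }

  // Assumed wiring for a current socket.io server object: io.use() middleware
  // runs once per handshake before the 'connection' event fires.
  function attach(io) {
    io.use((socket, next) => {
      const verdict = authorize(socket.handshake);
      if (!verdict.ok) return next(new Error('rejected: ' + verdict.reason));
      socket.on('disconnect', () => release(socket.handshake));
      next();
    });
  }

  return { authorize, release, active, attach };
}

// Constructed sample handshakes (not real traffic) for a stand-alone run.
const demoGate = createGate({ allowedOrigins: ['http://mydomain.example'], maxPerIp: 5 });
const sameSite = { headers: { origin: 'http://mydomain.example' }, address: '203.0.113.10' };
const crossSite = { headers: { referer: 'http://other.example/attack.html' }, address: '203.0.113.11' };
console.log(demoGate.authorize(sameSite));   // { ok: true }
console.log(demoGate.authorize(crossSite));  // { ok: false, reason: 'origin not allowed: http://other.example' }
```

Two caveats a deployer should keep in mind. Origin and Referer are enforced by browsers, not by the network: they stop a page on another site from driving a user's browser at your socket server, but any non-browser client can send whatever header it likes, so the origin check is a cross-site control, not authentication. Real per-user limits belong in the same middleware by validating a session cookie or token and counting per authenticated identity rather than per IP, since many users behind one NAT share an address and the per-IP limit must be tuned accordingly.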
