堆栈内存溢出
  简体   繁体   English

XMPP Strophe.JS应用程序安全问题

[英]XMPP Strophe.JS Application Security Concern

 原文  2013-10-29 12:33:29       javascript/ security/ xmpp/ chat/ strophe

问题描述

I'm looking for a good XMPP Chat Application standard for web platform (like eBuddy, Facebook Chat, etc.) I've googled some XMPP libraries for web application and my choice goes to Strophe.js since it is very simple and robust. 我正在寻找适用于Web平台的良好XMPP聊天应用程序标准(例如eBuddy,Facebook Chat等)。我已经搜索了一些用于Web应用程序的XMPP库,由于它非常简单且健壮,我选择了Strophe.js。

But I'm not sure to developing a pure Javascript application because of security concern. 但是出于安全考虑,我不确定要开发纯Javascript应用程序。 Most of modern browser could see your Javascript code by inspect element feature like Google Chrome does. 大多数现代浏览器都可以像Google Chrome一样通过检查元素功能来查看您的Javascript代码。 I'm afraid this could be a critical problem in future days. 恐怕这可能是未来的关键问题。 All people could see and know your application logic and what your application does behind the scene. 所有人都可以看到并了解您的应用程序逻辑以及您的应用程序在后台执行的操作。

My question is it possible to combining Strophe.js and server-side programming (eg. PHP, ASP.NET, etc). 我的问题是可以将Strophe.js与服务器端编程(例如PHP,ASP.NET等)结合起来。 I mean using Strophe.js as a View-Tier and server-side programming as Controller-Tier? 我的意思是将Strophe.js用作View-Tier,将服务器端编程用作Controller-Tier?

Or is it possible to hide your Javascript code, so that user could not see the details behind the scene of you application? 还是可以隐藏您的Javascript代码,以使用户看不到应用程序背后的细节?

What is the best practice? 最佳做法是什么?

Thanks in advance :) 提前致谢 :)

1 个解决方案

解决方案1
 1 已采纳  2013-10-30 15:11:22

Depends on what your security concerns are. 取决于您的安全问题。

My concern was the username and password public. 我关心的是用户名和密码public。 Our web app is MVC and I built a class that creates/logs in the users and passes the SID, RID and JID back out to the front end (Strophe) to then attach to the jabber server to start chatting. 我们的Web应用程序是MVC,我建立了一个在用户中创建/登录的类,并将SID,RID和JID传递回前端(Strophe),然后附加到jabber服务器以开始聊天。 See http://xmpp.org/extensions/xep-0206.html for more. 有关更多信息,请参见http://xmpp.org/extensions/xep-0206.html Essentially create the xml strings, send to the jabber server and manage the responses as shown in xep 206. 本质上创建xml字符串,发送到jabber服务器并管理响应,如xep 206中所示。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 XMPP:AngularJs + Strophe.js - XMPP: AngularJs + Strophe.js 使用Strophe.js定制XMPP消息 - custom XMPP messages with Strophe.js 同步 XMLHttpRequest Strophe.js - Synchronous XMLHttpRequest Strophe.js 为什么使用strophe.js的XMPP客户端仍在使用包括flXHR.js? - Why XMPP client using strophe.js still working with out including flXHR.js? 在 ReactNative 中使用 Strophe.js - Using Strophe.js with ReactNative 应用离线时的phonegap,Strophe.js和xmpp pubsub推送通知 - phonegap, Strophe.js and xmpp pubsub push notifications when app is offline strophe.min.js和strophe.js之间的区别? - Difference between strophe.min.js and strophe.js? Strophe.js带内注册 - Strophe.js in-band Registration 收到Strophe.js通知(撰写) - Strophe.js Notification Received (Composing) &lt;使用strophe.js时&lt; - < becomes &lt; when using strophe.js
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM