
Web Socket Secure URL Encryption

Is the URL itself encrypted as well when using wss://?

For example, say you have a simple Sinatra web application that accepts web socket connections:

class App < Sinatra::Base

  get "/ws/:api_key/room/:id" do |api_key, id|
    user = User.find_by(api_key: api_key)
    room = Room.find(id)

    if RoomAuthenticator.new(room).authorized?(user)
      request.websocket do |ws|
        ws.onopen { publish(room, "#{user.name} connected.") }
      end
    else
      401
    end
  end
end

Then from the client/browser, in JavaScript:

new WebSocket("wss://" + window.location.host + "/ws/" + user.api_key + "/room/" + room.id);

Is the user.api_key in the URL encrypted or is it susceptible to attacks?

Yes, the URL will be encrypted. Secure web sockets use Transport Layer Security (just like HTTPS does) to tunnel all data over the secure connection. See section 4 of RFC 6455:

If /secure/ is true, the client MUST perform a TLS handshake over the connection after opening the connection and before sending the handshake data. [...] all further communication on this channel MUST run through the encrypted tunnel.
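The ordering the answer cites from RFC 6455 (TLS handshake first, then the opening handshake that carries the URL path) can be observed locally. The following is an added example, not code from the original post: it runs a TLS client and server in one process over a recording relay that stands in for an on-path observer. The host name, API key, room id, self-signed lab certificate and sample Sec-WebSocket-Key are constructed values, and the server only reads the request rather than completing the WebSocket upgrade.

```ruby
require "socket"
require "openssl"
# Constructed lab values (assumptions, not taken from the question).
HOST, API_KEY = "chat.example.test", "k3y-constructed-0001"
REQUEST = "GET /ws/#{API_KEY}/room/42 HTTP/1.1\r\nHost: #{HOST}\r\nUpgrade: websocket\r\n" \
          "Connection: Upgrade\r\nSec-WebSocket-Version: 13\r\n" \
          "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n\r\n"

def lab_certificate # throwaway self-signed certificate for the in-process server
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{HOST}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

def relay(from, to, wire) # copy bytes, recording them as an on-path observer would
  Thread.new do
    loop { data = from.readpartial(4096); wire << data; to.write(data) }
  rescue IOError, SystemCallError # peer closed, stop relaying
  end
end

def observe_handshake
  cert, key = lab_certificate
  client_raw, tap_a = UNIXSocket.pair
  tap_b, server_raw = UNIXSocket.pair
  wire = String.new # binary buffer of every byte that crossed the tap
  [[tap_a, tap_b], [tap_b, tap_a]].each { |from, to| relay(from, to, wire) }
  server_ctx = OpenSSL::SSL::SSLContext.new
  server_ctx.cert, server_ctx.key = cert, key
  server = Thread.new { OpenSSL::SSL::SSLSocket.new(server_raw, server_ctx).accept.gets("\r\n\r\n") }
  client_ctx = OpenSSL::SSL::SSLContext.new
  client_ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  client_ctx.cert_store = OpenSSL::X509::Store.new.add_cert(cert) # trust only the lab cert
  tls = OpenSSL::SSL::SSLSocket.new(client_raw, client_ctx)
  tls.hostname = HOST   # sent as SNI in the ClientHello
  tls.connect           # TLS handshake comes first ...
  tls.syswrite(REQUEST) # ... then the request line with the URL path, inside the tunnel
  { wire: wire, decrypted: server.value } # server.value is the request after decryption
end

if $PROGRAM_NAME == __FILE__
  seen = observe_handshake
  puts "server read: #{seen[:decrypted].lines.first.strip}"
  [HOST, API_KEY].each { |s| puts "#{s} visible on the wire: #{seen[:wire].include?(s)}" }
end
```

The recorded bytes contain the host name, because SNI travels in the unencrypted ClientHello, but not the path or the API key, which appear only in what the server reads after decryption.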
