[英]Web Socket Secure URL Encryption
Is the URL itself encrypted as well when using wss://
? 使用
wss://
时,URL本身是否也被加密? For example, say you have a simple Sinatra web application that accepts web socket connections: 例如,假设您有一个简单的Sinatra Web应用程序,它接受Web套接字连接:
class App < Sinatra::Base
get "/ws/:api_key/room/:id" do |api_key, id|
user = User.find_by(api_key: api_key)
room = Room.find(id)
if RoomAuthenticator.new(room).authorized?(user)
request.websocket do |ws|
ws.onopen { publish(room, "#{user.name} connected.") }
end
else
401
end
end
end
Then from the client/browser, in JavaScript: 然后从客户端/浏览器,在JavaScript中:
new WebSocket("wss://" + window.location.host + "/ws/" + user.api_key + "/room/" + room.id);
Is the user.api_key
in the URL encrypted or is it susceptible to attacks? URL中的
user.api_key
是加密的还是容易受到攻击?
Yes, the URL will be encrypted. 是的,URL将被加密。 Secure web sockets use Transport Layer Security (just like HTTPS does) to tunnel all data over the secure connection.
安全Web套接字使用传输层安全性(就像HTTPS一样)来通过安全连接隧道传输所有数据。 See section 4 of RFC 6455 :
请参阅RFC 6455的第4节 :
If /secure/ is true, the client MUST perform a TLS handshake over the connection after opening the connection and before sending the handshake data.
如果/ secure /为true,则客户端必须在打开连接之后和发送握手数据之前通过连接执行TLS握手。 [...] all further communication on this channel MUST run through the encrypted tunnel.
[...]此通道上的所有进一步通信必须通过加密隧道。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.