Socket.io如何使函数io()匿名?
[英]Socket.io How to make function io() anonymous?
问题描述
I'm trying to make an application on node.js using Soket.io 
我正在尝试使用Soket.io在node.js上创建一个应用程序
server-side 服务器端
var server = http.createServer(app);
var io = require('socket.io')(server, {httpCompression: false, cookie: false});
io.on('connection', function(socket) { ... });
client-side 客户端
<script src="https://cdn.socket.io/socket.io-1.4.5.js"></script>
<script>
var socket = io('ws://my-ws-server:8000/');
</script>
My problem: Each client/user can write into console mysocket=io('ws://my-ws-server'); 我的问题:每个客户端/用户都可以写入控制台mysocket=io('ws://my-ws-server'); and push new connection, so now he can emit signals with wrong data or spam with new Socket connections 并推送新的连接,所以现在他可以使用新的Socket连接emit带有错误数据或垃圾邮件的信号
I also tried download socket.io.js code, edit it with $(function(){ /*socket.io code*/ }); 我也尝试下载socket.io.js代码,用$(function(){ /*socket.io code*/ });编辑它$(function(){ /*socket.io code*/ }); , and when include ../javascript/socket.io.js to my page, but it doesn't help, io() function still accessed from console ,当include ../javascript/socket.io.js到我的页面,但它没有帮助,仍然从控制台访问io()函数
so, is there any solution? 那么,有什么解决方案吗? Is here any way to hide this function and prepare from spam with new fake socket connections? 有没有办法隐藏这个功能,并准备垃圾邮件与新的假套接字连接?
tnx, sry for my eng. tnx,sry for my eng。
1 个解决方案
解决方案1
0 已采纳 2016-07-05 18:55:54
One way is to prevent malicious data from your emit by validating input message before you dispatch it. 一种方法是在发送输入消息之前通过验证输入消息来防止发出恶意数据。 So first check if it's a string your system knows about by comparing it to your dictionary, then correct authority level clearance. 因此,首先通过将其与您的字典进行比较来检查它是否是您的系统知道的字符串,然后正确的权限级别清除。 If it passes then do the callback which emits the registered action. 如果它通过,则执行发出已注册操作的回调。 It's not 100% but it prevents your application from taking malicious information 它不是100%但它会阻止您的应用程序获取恶意信息
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.