node.js(带socket.io)安全?
[英]node.js (with socket.io) security?
问题描述
since I am learning node.js I was wondering about something: When I use node.js server to run a websocket, so that clients can connect (like on a website via javascript), it always listens public.
因为我正在学习 node.js,所以我想知道一些事情:当我使用 node.js 服务器运行 websocket,以便客户端可以连接(如通过 javascript 在网站上)时,它总是公开侦听。 Isn't that a security problem, that everyone in the world would be able to send data to the ip:port.这不是一个安全问题,世界上的每个人都可以将数据发送到ip:port。 They just have to connect to the server via the data that are written anyway within javascript and send / receive data?他们只需要通过在 javascript 中写入的数据连接到服务器并发送/接收数据?
I was thinking about a token, which would make sense in Java or Swift etc, but in javascript it can be seen anyway?!我正在考虑一个令牌,它在 Java 或 Swift 等中有意义,但在 javascript 中它无论如何都可以看到?!
1 个解决方案
解决方案1
0 2020-03-04 11:04:07
TL;DR: yes, It's totally secure. TL;DR:是的,它是完全安全的。 Every time the browser sends an HTTP request, there is a port waiting for the server's response.浏览器每次发送 HTTP 请求时,都会有一个端口等待服务器的响应。 The difference between this to an open port is that an open port is open for everyone on the web.这与开放端口的区别在于开放端口对网络上的每个人开放。 In an HTTP request or web socket, the port opens only to the server.在 HTTP 请求或 Web 套接字中,端口仅对服务器开放。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.