[英]Is it dangerous to establish WebSocket connection in a js file?
So, basically, I have this code:所以,基本上,我有这个代码:
let socket = new WebSocket('ws://localhost:8080/server.php');
socket.onopen = () => {
console.log('connection established !');
}
I use this code to establish a connection for a Real-Time Quiz.我使用此代码为实时测验建立连接。 But after going to the Sources page of my inspector, I can see the whole javascript code in my browser, including
ws://localhost:8080/server.php
.但是在我的检查员的 Sources 页面之后,我可以在我的浏览器中看到整个 javascript 代码,包括
ws://localhost:8080/server.php
。 Is it dangerous to show it (unintentionally)? (无意地)展示它有危险吗? If someones creates a script and puts in it the same url (not localhost, it's just an example), can he receive/send data to the server?
如果某人创建了一个脚本并在其中放入相同的 url(不是本地主机,这只是一个示例),他可以接收/发送数据到服务器吗?
yes,it is dangerous.是的,这很危险。 u can:
你可以:
verify the client http request header for example 'Origin'.验证客户端 http 请求 header 例如“起源”。 make sure the client website is the right client website.
确保客户网站是正确的客户网站。
use a TSL websocket service, visit to the server over SSL.使用TSL websocket服务,通过SSL访问服务器。 So the protocol is changing to: wss://
所以协议改为:wss://
give the client a request token, put this token in header or in post data, the server verify this token.给客户端一个请求令牌,将此令牌放入 header 或发布数据中,服务器验证此令牌。
check the request times of a client in limited time.在有限的时间内检查客户的请求时间。 make sure a specific client won't request too frequently
确保特定客户不会过于频繁地请求
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.