在 js 文件中建立 WebSocket 连接是否危险?
[英]Is it dangerous to establish WebSocket connection in a js file?
问题描述
So, basically, I have this code:
所以,基本上,我有这个代码:
let socket = new WebSocket('ws://localhost:8080/server.php');
socket.onopen = () => {
console.log('connection established !');
}
I use this code to establish a connection for a Real-Time Quiz.我使用此代码为实时测验建立连接。 But after going to the Sources page of my inspector, I can see the whole javascript code in my browser, including ws://localhost:8080/server.php .但是在我的检查员的 Sources 页面之后,我可以在我的浏览器中看到整个 javascript 代码,包括ws://localhost:8080/server.php 。 Is it dangerous to show it (unintentionally)? (无意地)展示它有危险吗? If someones creates a script and puts in it the same url (not localhost, it's just an example), can he receive/send data to the server?如果某人创建了一个脚本并在其中放入相同的 url(不是本地主机,这只是一个示例),他可以接收/发送数据到服务器吗?
1 个解决方案
解决方案1
1 已采纳 2021-05-22 03:02:20
yes,it is dangerous.是的,这很危险。 u can:你可以:
verify the client http request header for example 'Origin'.
验证客户端 http 请求 header 例如“起源”。 make sure the client website is the right client website.确保客户网站是正确的客户网站。use a TSL websocket service, visit to the server over SSL.
使用TSL websocket服务,通过SSL访问服务器。 So the protocol is changing to: wss://所以协议改为:wss://give the client a request token, put this token in header or in post data, the server verify this token.
给客户端一个请求令牌,将此令牌放入 header 或发布数据中,服务器验证此令牌。check the request times of a client in limited time.
在有限的时间内检查客户的请求时间。 make sure a specific client won't request too frequently确保特定客户不会过于频繁地请求
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.