在客户端编程Web套接字?
[英]Programming web sockets client-side?
问题描述
Sorry, web noob here and I have a few questions: 
抱歉,这里的网络菜鸟,我有几个问题:
- What exactly do "web sockets" do? “网络套接字”到底是做什么的? Are they connecting the client to a socket or are they making the server connect to some socket? 他们是将客户端连接到套接字还是使服务器连接到某个套接字?
- It's supposedly a security risk to allow the client to connect to any other socket. 允许客户端连接到任何其他套接字都被认为存在安全风险。 What kind of risks are there? 有什么样的风险?
1 个解决方案
解决方案1
0 已采纳 2012-06-05 23:55:54
Web sockets allow persistent, two-way connections between the client and the server. Web套接字允许客户端和服务器之间进行持久的双向连接。 The server can "push" data to the client and vice-versa. 服务器可以将数据“推送”到客户端,反之亦然。 This is as opposed to a single AJAX request which can only push data once from client to server and receive one response. 这与单个AJAX请求相反,后者只能将数据从客户端推送到服务器一次并接收一个响应。 These connections can be insecure, depending on how data is used on the server. 这些连接可能不安全,具体取决于服务器上数据的使用方式。 Data sent from the client runs through a script of yours, so you control what happens. 从客户端发送的数据通过您的脚本运行,因此您可以控制发生的情况。 Needless to say, it would be stupid to, say, execute or write to disk whatever is received from the client. 不用说,将执行从客户端接收到的任何内容执行或写入磁盘都是愚蠢的。 As long as you check that it is what you expect it to be, you should be okay. 只要您检查它是否符合预期,就可以了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.