Socket.io How to make function io() anonymous?
Question
I'm trying to make an application on node.js using Soket.io
server-side
var server = http.createServer(app);
var io = require('socket.io')(server, {httpCompression: false, cookie: false});
io.on('connection', function(socket) { ... });
client-side
<script src="https://cdn.socket.io/socket.io-1.4.5.js"></script>
<script>
var socket = io('ws://my-ws-server:8000/');
</script>
My problem: Each client/user can write into console mysocket=io('ws://my-ws-server'); and push new connection, so now he can emit signals with wrong data or spam with new Socket connections
I also tried download socket.io.js code, edit it with $(function(){ /*socket.io code*/ }); , and when include ../javascript/socket.io.js to my page, but it doesn't help, io() function still accessed from console
so, is there any solution? Is here any way to hide this function and prepare from spam with new fake socket connections?
tnx, sry for my eng.
1 answers
solution1
0 ACCPTED 2016-07-05 18:55:54
One way is to prevent malicious data from your emit by validating input message before you dispatch it. So first check if it's a string your system knows about by comparing it to your dictionary, then correct authority level clearance. If it passes then do the callback which emits the registered action. It's not 100% but it prevents your application from taking malicious information
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.