Socket.io security - is this possible only from a specific domain?

Question

Socket.io security - is this possible only from a specific domain?

I am creating a websocket service (node.js + socket.io) that will aggregate data on clients (permission, clicks, etc.) and send it to my administrator (via websites). However, I do have some security issues. On the client side, my websocket server address is displayed as follows:

var socket = new io.Socket('127.0.0.1', {'port': 3000});

so that everyone can accept this address and click on the milion request (which will disable my server).

How to protect my socket server? Maybe only allow socket connections from my domain (how)?

0

node.js websocket socket.io

Pono Apr 20 '11 at 11:42

source share

1 answer

yojimbo87 · Answer 1 · 2011-04-20T12:35:54+0000

How to protect my socket server?

You can limit the number of simultaneously connected clients. For example, if there are 5,000 active clients in WebSockets, then new ones will be rejected until some "free slots" appear.

Perhaps only allow socket connections from my domain (how)?

Client (browser) connections do not have your domain as a "source".

Socket.io security - is this possible only from a specific domain?

More articles: