是否可以强制 socket.io 使用 wss 而不是 ws,而不必更改为 https? [英] Is it possible to force socket.io to use wss instead of ws, without having to change to https?
问题描述
我一直在尝试设置一个服务器,用户可以在其中使用 websockets 发送登录信息,但我不想使用 ws 来执行此操作.我希望能够在没有 https 的情况下打开 wss.可悲的是,没有任何选择可以做到这一点.所以问题是如何在不使用 https 协议的情况下在客户端执行此操作.
I have been trying to setup a server where users can send sign in using websockets, but I don't want to do this using ws. I want to be able turn on wss without having https. Sadly, there aren't any options to do this. And so the question is how would one do this on the client side without using https protocol.
推荐答案
来自 Websocket协议规范:
wss URI 标识 WebSocket 服务器和资源名称,以及表示通过该连接的流量将受到保护通过TLS(包括 TLS 的标准优势,例如数据保密性和完整性,以及端点身份验证).
A
wssURI identifies a WebSocket server and resource name, and indicates that traffic over that connection is to be protected via TLS (including standard benefits of TLS such as data confidentiality and integrity, and endpoint authentication).
强调我的
现在您可以理解您的请求的荒谬之处了:wss is https.
当然,术语是错误的(https 与 wss 是不同的协议),但归根结底,两者都只是各自 TCP 纯协议的版本(http 和 ws) 超过 TLS.
Now you can understand the absurdity of your request: wss is https.
Of course the terminology is wrong (https is a different protocol than wss) but the bottom of the line is that both are simply the version of their respective TCP plain protocols (http and ws) over TLS.
所以答案是否.
事实上,安全是一件复杂的事情.
非常有经验的程序员不会发明或探索新方法,并且根据您提出的问题类型,您似乎没有太多的专业知识.
As a matter of fact security is a complex thing.
Very experienced programmers refrain from inventing or exploring new ways and, based on the kind of question you asked, you don't appear to have much expertise this field.
所以最好按照最佳实践做事,他们说使用https"使用https".
So it's better to do things as best-practices say, it they say to use "https" use "https".
建议开始认真研究安全性(或聘请承包商),但不要发明执行安全身份验证的新方法,除非您拥有抽象代数博士学位和多年开发密码方案的经验.
Starting studying security seriously (or hiring a contractor) is advised, inventing new ways to perform secure authentication is not, unless you have a PhD in abstract algebra and several years of experience in developing cryptographic schemes.
这篇关于是否可以强制 socket.io 使用 wss 而不是 ws,而不必更改为 https?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
