确保Socket.io [英] Securing Socket.io
问题描述
我使用的身份验证使用HTTP基本(因为数据通过SSL加密连接发送,这是罚款)。
I am using a Node.js based https server that authenticates using HTTP Basic (which is fine as the data are sent over the SSL encrypted connection).
现在我想提供一个Socket.io连接应该是
Now I want to provide a Socket.io connection which should be
- 加密和
- 认证用户只。
问题是如何做到这一点。我已经发现,我需要指定 {保护:真正} 在客户端的JavaScript code连接到插座时,但我如何强制对服务器 - 方认为套接字连接只能通过SSL运行,并且它仅适用于经过验证的用户?
The question is how to do this. I already found out that I need to specify { secure: true } in the client JavaScript code when connecting to the socket, but how do I force on the server-side that socket connections can only be run over SSL, and that it works only for authenticated users?
我猜测,SSL事情是容易的部分,因为Socket.io服务器被绑定到只有HTTPS服务器,所以应该只运行使用SSL,而且应该没有可能通过一个运行(另外)运行http服务器,对吧?
I guess that the SSL thing is the easy part, as the Socket.io server is bound to the https server only, so it should run using SSL only, and there should be no possibility to run it over an (additionally) running http server, right?
对于我没有如何确保套接字连接丝毫的想法只能使用一次的用户使用HTTP基本身份验证成功建立其他的事情。
Regarding the other thing I have not the slightest idea of how to ensure that socket connections can only be established once the user successfully authenticated using HTTP Basic.
任何想法?
推荐答案
虽然由Linus答案基本上是正确的,我现在用的 session.socket.io - 基本上做同样的事情,但这样少定做code写的
Although the answer by Linus is basically right, I now solved it in a more easy way using the session.socket.io - which basically does the same thing, but with way less custom-code to write.
这篇关于确保Socket.io的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
