
I have my node socket server running on the same VPS as my website is. Is there a way I can prevent other "websites" or other node projects from connecting to my socket server and emitting data?

My website and node project have the same IP address.

For example: (client side html)

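```html
<script>
  // Connect to the socket server (localhost used as an example)
  var socket = io.connect('localhost');
  // Log anything the server sends on the 'example' event
  socket.on('example', function(data) {
    console.log(data);
  });
  // Send a message to the server
  socket.emit('sendToServer', 'hello world');
</script>
```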

I want this code right here to only be usable by my website (or IP).

EDIT: If there isn't any way to do this within socket.io, is there a way I can authenticate my socket server to make it so only my IP can emit things?

user3056010
  • If you know the needed IP - simply make a check on `connection`. Probably another thread will be helpful. http://stackoverflow.com/questions/6458083/socket-io-get-clients-ip-address – skip405 Sep 10 '14 at 13:58

1 Answer


If you're that concerned about it, you should consider only allowing authenticated users. Otherwise trying to ban explicit IP addresses and maintaining that list isn't very feasible.

mscdex
  • I use socket.io to display alerts on my site. So what a random user could do is easily connect to my socket server and send alerts to my site. – user3056010 Sep 10 '14 at 14:00
  • If you're displaying alerts, wouldn't only the server be in control of that? Why would you want to blindly accept alerts from the client and broadcast those alerts/messages to everyone? – mscdex Sep 10 '14 at 14:03
  • My alerts need to be live, so I used socket to display those. I'm saying I don't want to blindly accept alerts which is why I am trying to authenticate it. And everyone can connect to my socket server, which is what I am trying to prevent. – user3056010 Sep 10 '14 at 14:09
  • Yes people can connect to the socket server, however, unless you authenticate them, you don't have to accept their input. Look at socket.io-handshake NPM module. It will help connect your express / socket.io sessions together and provide that layer of security you need. – Nathan Romano Sep 10 '14 at 17:48
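
Added example, not part of the original thread or any poster's code: one way to implement the handshake authentication that the answer and comments recommend, written as a Socket.IO middleware so that unauthenticated connections are refused and only an authorized connection's input is accepted. It assumes Socket.IO v3 or later (for `socket.handshake.auth`); the secret, the allowed origin, the `publisher` role and all helper names are hypothetical.

```javascript
const crypto = require('crypto');

// Assumptions (constructed values): secret shared by the website backend and socket server.
const SECRET = process.env.SOCKET_SECRET || 'constructed-demo-secret';
const ALLOWED_ORIGINS = new Set(['https://example.com']);

const sign = (payload) => crypto.createHmac('sha256', SECRET).update(payload).digest('hex');

// Website backend: issue a short-lived token when rendering the page for a logged-in user.
function issueToken(userId, role, ttlMs = 60000, now = Date.now()) {
  const payload = Buffer.from(JSON.stringify({ userId, role, exp: now + ttlMs })).toString('base64');
  return `${payload}.${sign(payload)}`;
}

// Returns the claims for a valid, unexpired token, otherwise null.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const expected = Buffer.from(sign(parts[0]));
  const given = Buffer.from(parts[1]);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(parts[0], 'base64').toString());
  return claims.exp > now ? claims : null;
}

// Socket.IO middleware: runs once per connection attempt, before any event handler.
function authMiddleware(socket, next) {
  const { headers = {}, auth = {} } = socket.handshake;
  // Browsers set Origin, but other clients can send any value: a first filter only.
  if (!ALLOWED_ORIGINS.has(headers.origin)) return next(new Error('origin not allowed'));
  const claims = verifyToken(auth.token);
  if (!claims) return next(new Error('unauthorized'));
  socket.user = claims; // custom property read by the event guard below
  next();
}

// Event guard: only a connection whose token carries the 'publisher' role may send alerts.
function canSendAlert(socket) {
  return Boolean(socket.user && socket.user.role === 'publisher');
}

// Wiring (requires the socket.io package):
//   io.use(authMiddleware);
//   io.on('connection', (socket) => {
//     socket.on('sendToServer', (msg) => { if (canSendAlert(socket)) io.emit('example', msg); });
//   });
```

On the client, the token issued by the backend would be passed as `io(url, { auth: { token } })`; on Socket.IO versions before v3 the same check can read the token from `socket.handshake.query` instead.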