Ad

How Secure Are Socket Variables In Socket.io?

- 1 answer

For example, if we were to assign a username on a socket.on function.

io.sockets.on('connection', function (socket) {
    socket.on('login', function (data) {
        socket.username = data.username;
    });
});

How secure is it leaving the username as a socket variable? Is it only server-side?

Ad

Answer

The socket object in your code is a server-side object and a custom property assigned to it is only available server-side. Such a property is not sent to the client.

A custom property like this is as secure as a property on any Javascript object in your node.js server-side code. It has no automatic conduit to anything in the client. The socket object in your code is just a regular server-side Javascript object.

Ad
source: stackoverflow.com
Ad