
I'm using Laravel 5.1 for my backend, and at the same time I have a Node.js server running purely for socket.io, and this is only for the 'news' table.

Basically, every single time an item is added to the news table in MySQL, Laravel broadcasts an event, which is caught by socket.io on the client, and then socket.io sends off an AJAX call to the server API to retrieve the news item.

I am very new to Node.js and this is my first project actually using it. I was thinking about using Pusher instead for real-time updates, but wanted to try something new and went for this setup.

So my question is: how secure is the Node.js server in this scenario? It runs a very simple server at the moment, as I said, which is solely for socket.io and nothing else. Are there any security measures I should take before the app goes LIVE?

1 Answer

If you only use socket.io and your backend script in node only dispatches to the socket (and doesn't receive any data from the front end), you shouldn't have anything to worry about. You could also only dispatch to clients that have a PHP session, and for that you can use Redis between PHP & Node.


2 Comments

Do you know of a good tutorial or example of how to determine that a PHP session exists using Redis and Node.js? I've built a two-way chat and I don't know what I need to do to secure it. Built it with Laravel 5 + Redis + Node.js.
Sorry, I don't. But you could do something like this (off the top of my head): generate a random string and save it and the IP in the session and in Redis. When your Node client connects to the Node server, expect the random string to be passed. Check from Node whether the combo random string + IP is in Redis, and then allow the socket to send/receive.
