Just remember that authentication and origin checking is completely up to the websocket server. Any random page in a browser can talk to your websocket cross origin, and it's up to your server to check the "Origin"…
Why do you need a reverse proxy? The DNS challenge works without https.
Yes you can. You control the DNS, just point that subdomain to 127.0.0.1.
What's wrong with Lets Encrypt and DNS challenge? Then you get a globally recognised cert.
The websocket server needs to check the "Origin" header from the client. The code then needs to know what is expected (eg localhost or 127.0.0.q). If the origin header is something like "evil.xyz.com", then it needs to…
Does it have any protection from malicious js on another site (say a bad ad on a news site) connecting to your application? I have seen some applications like this, but they fail to check the origin header.
With websockets, it's actually up to the server to implement the cross origin detection. The library used in this application does not implement any protection. So it's possible for any page on the net (eg evil.com) to…
The numlock and capslock indicators can be used as confirmation signals coming back so it knows if it is working.
We are also having issues resolving some .io domains from AWS Sydney (ap-southeast-2)
This could potentially be simplified by using ws2812 style LEDs like this: https://learn.adafruit.com/neopixel-arcade-button/overview Plus a fade candy controller. Then you just need to build something to read the micro…
But if you host your site on your infrastructure, and it goes down, you can't post status updates to tell people what's going on/ when you will be back online. Its quite reasonable to not host your own homepage or…
If I understand correctly, there is a key in the DHT that is effectively a list of pointers to all your mail? If so, an attacker could control your inbox by starting a bunch of nodes around that key, couldn't they? To…
Just remember that authentication and origin checking is completely up to the websocket server. Any random page in a browser can talk to your websocket cross origin, and it's up to your server to check the "Origin"…
Why do you need a reverse proxy? The DNS challenge works without https.
Yes you can. You control the DNS, just point that subdomain to 127.0.0.1.
What's wrong with Lets Encrypt and DNS challenge? Then you get a globally recognised cert.
The websocket server needs to check the "Origin" header from the client. The code then needs to know what is expected (eg localhost or 127.0.0.q). If the origin header is something like "evil.xyz.com", then it needs to…
Does it have any protection from malicious js on another site (say a bad ad on a news site) connecting to your application? I have seen some applications like this, but they fail to check the origin header.
With websockets, it's actually up to the server to implement the cross origin detection. The library used in this application does not implement any protection. So it's possible for any page on the net (eg evil.com) to…
The numlock and capslock indicators can be used as confirmation signals coming back so it knows if it is working.
We are also having issues resolving some .io domains from AWS Sydney (ap-southeast-2)
This could potentially be simplified by using ws2812 style LEDs like this: https://learn.adafruit.com/neopixel-arcade-button/overview Plus a fade candy controller. Then you just need to build something to read the micro…
But if you host your site on your infrastructure, and it goes down, you can't post status updates to tell people what's going on/ when you will be back online. Its quite reasonable to not host your own homepage or…
If I understand correctly, there is a key in the DHT that is effectively a list of pointers to all your mail? If so, an attacker could control your inbox by starting a bunch of nodes around that key, couldn't they? To…