TechQA.

Does socket.io broadcast to subscribers only?

649 views Asked by At

Please examine the server-side code below. Assuming that data.id is abc77 at some instant, will every connected browser receive a socket message 'my_model/abc77:update', or only the ones that have subscribed to this particular message, regardless of whether the socket.io event is raised or not?

To clarify, using a practical application: will a hacker be able to receive the message 'my_model/abc77:update' using the browser's developer console, even if his instance of my application has no subscription to it, not knowing that data.id is abc77?

var io = require('socket.io');
io.listen ( server ).sockets.on ( 'connection', function ( socket ) {

    socket.on('my_model:update', function(data, callback) {

        database.save(data, function(err){
            if (!err) {
                callback(data);
                socket.broadcast.emit('my_model/'+data.id+':update');
            }
        });

    });
});
security node.js websocket socket.io broadcasting
Original Q&A
1

There are 1 answers

0
Betamos On BEST ANSWER

It's broadcasted to every other socket connected. To restrict the broadcast to a certain group of sockets, use rooms.

Related Questions in SECURITY

Related Questions in NODE.JS

Related Questions in WEBSOCKET

Related Questions in SOCKET.IO

Related Questions in BROADCASTING

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions