Comments (4)
ericz
commented on July 2, 2024
Hey Tom,
We've added the clientWrite option which allows you to stop clients from writing to the server.
nowjs.initialize(httpServer, {clientWrite: false});
However changes are rejected on the server side so it is important to make sure that any type of data sent to the server is rejected if it surpasses a certain size
from now.
tommedema
commented on July 2, 2024
Hi Eric,
Thanks.
Your last remark got my slightly confused though. I assume that you refuse a
variable change on the server side before even looking at the given data,
right? What did you mean with the size validation or was that regarding
function calls?
Regards,
Tom
2011/4/9 ericz <
[email protected]>
Hey Tom,
We've added the clientWrite option which allows you to stop clients from
writing to the server.nowjs.initialize(httpServer, {clientWrite: false});However changes are rejected on the server side so it is important to make
sure that any type of data sent to the server is rejected if it surpasses a
certain sizeReply to this email directly or view it on GitHub:
#43 (comment)
from now.
ericz
commented on July 2, 2024
Hey Tom,
Yes that was regarding function calls.
Variable changes rejections can be done at a lower level than what
we're doing now. It would be a more difficult implementation but the
gains are clear. I'll look into shipping that in the next version.
Thanks,
Eric
On Sat, Apr 9, 2011 at 9:02 AM, tommedema
[email protected]
wrote:
Hi Eric,
Thanks.
Your last remark got my slightly confused though. I assume that you refuse a
variable change on the server side before even looking at the given data,
right? What did you mean with the size validation or was that regarding
function calls?Regards,
Tom2011/4/9 ericz <
[email protected]>Hey Tom,
We've added the clientWrite option which allows you to stop clients from
writing to the server.nowjs.initialize(httpServer, {clientWrite: false});
However changes are rejected on the server side so it is important to make
sure that any type of data sent to the server is rejected if it surpasses a
certain sizeReply to this email directly or view it on GitHub:
#43 (comment)Reply to this email directly or view it on GitHub:
#43 (comment)
510-691-3951
EECS Student at UC Berkeley
http://ericzhang.com
from now.
tommedema
commented on July 2, 2024
Hello again,
I looked at your multi room chat example:
https://github.com/Flotype/now/blob/master/examples/multiroomchat_example/multiroomchat_server.js
https://github.com/Flotype/now/blob/master/examples/multiroomchat_example/multiroomchat_server.jsMy
concerns are that some developers probably do not realize that the client
can actually change their own room programatically, by changing now.room.
For example, if the dev is to extend this example to include private rooms
(1 to 1), a non-invited person could change his room to a private room and
enter that conversation.
However, when clientWrite is set to false, this vulnerability does not exist
because a call to setRoom("private1") will be rejected by the server as that
user is not authenticated for that specific private room.
Just thought you might want to raise this warning in the documentation, or
even set clientWrite to false by default.
You can ignore this though, as I personally do not mind since I will set
clientWrite to false, but I believe that this could otherwise cause some
developers to face unexpected problems.
Regards,
Tom
2011/4/9 ericz <
[email protected]>
Hey Tom,
Yes that was regarding function calls.
Variable changes rejections can be done at a lower level than what
we're doing now. It would be a more difficult implementation but the
gains are clear. I'll look into shipping that in the next version.Thanks,
EricOn Sat, Apr 9, 2011 at 9:02 AM, tommedema
[email protected]
wrote:Hi Eric,
Thanks.
Your last remark got my slightly confused though. I assume that you
refuse a
variable change on the server side before even looking at the given data,
right? What did you mean with the size validation or was that regarding
function calls?Regards,
Tom2011/4/9 ericz <
[email protected]>Hey Tom,
We've added the clientWrite option which allows you to stop clients from
writing to the server.nowjs.initialize(httpServer, {clientWrite: false});However changes are rejected on the server side so it is important to
make
sure that any type of data sent to the server is rejected if it
surpasses a
certain sizeReply to this email directly or view it on GitHub:
#43 (comment)Reply to this email directly or view it on GitHub:
#43 (comment)510-691-3951
EECS Student at UC Berkeley
http://ericzhang.comReply to this email directly or view it on GitHub:
#43 (comment)
from now.
Related Issues (20)
- installation fail :( HOT 3
- Can not read the property of 'ressource' undefined HOT 1
- No dev in six months. What is the future of NowJS? HOT 13
- Now module Installation failed ..... throwing error in windows
- npm install now ..... throwing error HOT 1
- Not working with Dojo due to Socket.io-client
- Implementing chat module by using Nowjs HOT 6
- now.js and node autocluster core module
- Issue in limit of sending message in chat
- /nowjs/now.js ??
- website HOT 7
- Connecting to nodejs on http from https site HOT 1
- cannot finde module '../build/Release/nodeproxy.node'
- iOS app crashed in release mode while using Nowjs library
- Now doesn't work with latest sockets.io HOT 2
- Does not work with angular-cli: content.charCodeAt is not a function
- possible spam HOT 1
- Error: Cannot find module 'now' HOT 3
- Error: Cannot find module 'now'
- http://www.nowjs.com is not correct HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from now.