node.js - Is a Socket.IO socket ID sensitive/private data? -
when new connection handled socket.io, creates socket
object, , 1 of object's properties id
. "unguessable" (according documentation) string used identify connection.
when building applications, considered safe, secure , practice broadcast id other clients? inclination hashing id , broadcasting digest may better idea.
the id not sensitive data unless own code somehow makes sensitive. there no socket.io client operations take socket id, if client has socket id, there nothing can unless code implements message operate on it.
it unguessable can use id share other clients while not allowing client know who's id might have been given (like anonymous id).
so, using identifier refer other user's socket intended , not cause security or privacy issue unless own client operations cause such.
Comments
Post a Comment