jreznot/electron-java-app

How to ensure that WebSocket is not accessed illegally?

Closed this issue · 4 comments

Hi, this is my question.

The server app should listen only on 127.0.0.1 to prevent external access; you should tune it in the Jetty runner.

Thank you for your reply.
Sure, listening on 127.0.0.1 can prevent external access.
How do I prevent other programs from accessing it locally?

Integrate authentication into your application, something like a login form - it is required if your application stores sensitive data. Plus, you can modify the UserAgent of the Electron part, for instance by including a secret key there, and then check this secret key using an HTTP filter in the server part; that will prevent random access from third-party applications.
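
The User-Agent check suggested above, sketched as a servlet filter (an added example, not code from this repository or from the thread). It goes one step further than the comment by expecting a random secret generated at each launch and comparing it in constant time. Assumptions: the class name, the `APP_CLIENT_TOKEN` variable and the `ElectronJavaApp-Token/` marker are hypothetical, the Electron launcher is assumed to pass the secret to the server process and append it to its User-Agent, and the `javax.servlet` namespace is assumed (newer Jetty releases use `jakarta.servlet`).

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Rejects every request whose User-Agent does not end with the launch secret. */
public class LocalClientTokenFilter implements Filter {
    // Hypothetical names, not taken from the project.
    static final String MARKER = " ElectronJavaApp-Token/";
    static final String ENV_VAR = "APP_CLIENT_TOKEN";

    private byte[] expected;

    @Override
    public void init(FilterConfig config) throws ServletException {
        String token = System.getenv(ENV_VAR);
        // Fail closed: without a usable secret the server must not start open.
        if (token == null || token.length() < 32) {
            throw new ServletException(ENV_VAR + " is missing or too short");
        }
        expected = token.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String userAgent = ((HttpServletRequest) req).getHeader("User-Agent");
        if (userAgent != null && tokenMatches(userAgent)) {
            chain.doFilter(req, res);   // known client: continue to the app
        } else {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /** Extracts the text after the last marker and compares it in constant time. */
    boolean tokenMatches(String userAgent) {
        int at = userAgent.lastIndexOf(MARKER);
        if (at < 0) {
            return false;
        }
        byte[] presented = userAgent.substring(at + MARKER.length()).trim()
                .getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(presented, expected);
    }

    @Override
    public void destroy() { }
}
```

Map the filter to every path, including the one that serves the WebSocket handshake, so that no endpoint is reachable without the header.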

Thanks.
Now I have a clue.