EasyRTC node websocket socket.io respons to browser is turnserverICE credentials

I discovered that if user is connected to chat(web socket)…second line in the wss://example.com/socket.io returns the “token” message with all user ids and appIceServer credentials (from server side option file) (these are Turn servers with username and password). What is the point of these credentials if it’s public like this:

....,"iceConfig":{"iceServers":[{"urls":["stun:example:1234"]},{"urls":"turn:example:1234","username":"test","credential":"123456"},....

The File that generates that respond:

(search for tokenMsg)

I can remove these parts from the file but then the turn servers are not used, removing does not seem to be the solution.

LIVE DEMO I FOUND: https://www.treatfield.com:8443/demos/demo_instant_messaging.html
(inspect WS)

node server file is here: https://github.com/open-easyrtc/open-easyrtc/blob/master/server_example/server_ssl.js (other one is server.js (http))

How to avoid this. What’s wrong with this, is this normal?

EasyRTC isn’t something that I’ve dealt with before, but I can guarantee that the people at the EasyRTC forum should be able to help resolve this issue for you.

I understood, after reading, that it’s normal, but for security you need to change your passwords like every day using automatic system REST API(turnservers). But still sounds insane compared to server side development, probably that solution is insane let see what I have.

WebRTC tech seems to be pretty open app for everyone. All data you send and receive is JavaScript, need to decrypt and encrypt everything, don’t know how possible is that for all the things.

Need to look up a lot of code in this framework.
20 of X problems solved

Thank you, I am learning.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.