We are using Google's public STUN server in one of our applications in the test environment. We have also installed a TURN server.
The issue is: when we run the app, in the JavaScript file we have put the username, password and server address of the TURN server in order to make the connection.
But it shows the credentials in the JavaScript debugger, which is a security issue. Does anybody have a solution for how we can restrict showing the credentials from the JavaScript file?
For most WebRTC applications to function, a server is required for relaying the traffic between peers, since a direct socket is often not possible between the clients (unless they reside on the same local network). The common way to solve this is by using a TURN server.
What is a TURN server? A WebRTC TURN server is required to relay the traffic between the peers when a direct connection cannot be established between them.
STUN and TURN servers are two types of WebRTC signaling servers that can be used to create your peer-to-peer (P2P) connection when you are building a real-time communication application.
The TURN password is always exposed to JavaScript. See https://datatracker.ietf.org/doc/html/draft-uberti-behave-turn-rest-00 for the most commonly employed workaround.
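The workaround in the linked draft, sketched as an added example (not code from the original answer): the application server hands each authenticated user a time-limited username and an HMAC-derived password, so the long-term secret never reaches the browser. The secret value, the `turn.example.org` host, the function names and the choice of HMAC-SHA1 are assumptions for illustration.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed demo values (assumptions): the secret is shared only between the
// application server and the TURN server and is never sent to the browser.
const SHARED_SECRET = 'constructed-demo-secret';
const TURN_URIS = ['turn:turn.example.org:3478?transport=udp']; // hypothetical host

// Application server: mint short-lived credentials for an authenticated user.
function issueTurnCredentials(userId, ttlSeconds, secret, nowMs = Date.now()) {
  if (typeof userId !== 'string' || userId === '' || userId.includes(':')) {
    throw new Error('userId must be a non-empty string without ":"');
  }
  const expiry = Math.floor(nowMs / 1000) + ttlSeconds;
  const username = `${expiry}:${userId}`; // expiry timestamp, colon, user id
  // HMAC-SHA1 is an assumption here; it must match what the TURN server checks.
  const password = createHmac('sha1', secret).update(username).digest('base64');
  return { username, password, ttl: ttlSeconds, uris: TURN_URIS };
}

// TURN server side of the same scheme: recompute the HMAC and enforce expiry.
function verifyTurnCredentials(username, password, secret, nowMs = Date.now()) {
  const sep = username.indexOf(':');
  if (sep < 1) return false;
  const expiry = Number(username.slice(0, sep));
  if (!Number.isInteger(expiry) || expiry < Math.floor(nowMs / 1000)) return false;
  const expected = createHmac('sha1', secret).update(username).digest();
  const given = Buffer.from(String(password), 'base64');
  return given.length === expected.length && timingSafeEqual(given, expected);
}
```

The browser fetches this object over its authenticated session and passes `uris`, `username` and `password` as the `urls`, `username` and `credential` of an `iceServers` entry; what the debugger shows then stops working after `ttl` seconds.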