https Node js not working
nbbcsf (2)

So I'm creating this app in Node.js, and I want to encrypt all the client-server information, so if some hacker gets through, he gets nothing. I know a website created on replit is automatically https, but it's obviously not encrypted (I tried to "hack" my application and it was NOT encrypted). So I'm trying to use OpenSSL, but when I change http to https (const https = require('https');), replit says "make sure your repl is open to http traffic". Any help would be much appreciated or I'll probably need to drop replit.

I'm using express.

Comments
programmeruser (575)

> I tried to "hack" my application and it was NOT encrypted

What do you mean?

nbbcsf (2)

@programmeruser I tried to access server-client messages and it wasn't encrypted...

programmeruser (575)

@nbbcsf what do you mean by "access server-client messages"?

nbbcsf (2)

@programmeruser I'm using socket.io and I connected from a different repl using the site namespace.

programmeruser (575)

@nbbcsf what is the "site namespace"?

nbbcsf (2)

@programmeruser for socket.io - you use namespaces. For example, I have a repl called test, and my namespace is /info. From another repl, I can get all the information by connecting to https://test.nbbcsf.repl.co/info and get all the information.

programmeruser (575)

@nbbcsf it is encrypted, it's just decrypted on the other side...

nbbcsf (2)

@programmeruser hahahaha then what's the use if anyone can decrypt it? To waste some time?

programmeruser (575)

@nbbcsf if you can't decrypt it then how are you going to access the data? The purpose is to stop man-in-the-middle attacks.

nbbcsf (2)

@programmeruser no - the problem - anyone can just receive the data and it's decrypted...

programmeruser (575)

@nbbcsf you would run into that problem whether or not you used repl.it, HTTPS does not protect against that sort of attack.
https://softwareengineering.stackexchange.com/questions/372726/preventing-abuse-of-api-which-is-called-via-client-side-javascript
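
The point made in the comment above, as an added example that is not part of the original thread: HTTPS protects data in transit, so limiting who can read a socket.io namespace has to be done by the server when a client connects. The token format and the names `issueToken`, `verifyToken`, `requireToken` and `TOKEN_SECRET` are assumptions for illustration.

```javascript
// Added example: TLS encrypts the connection, but the server must still
// decide who may join a namespace. All names below are hypothetical.
const crypto = require('node:crypto');

// Assumption: server-side secret, loaded from the environment in real use.
const SECRET = process.env.TOKEN_SECRET || crypto.randomBytes(32).toString('hex');

// Issue a token "<user>.<expiry>.<hmac>" after the user has logged in.
// The user name must not contain a dot.
function issueToken(user, ttlMs = 60_000, now = Date.now()) {
  const payload = `${user}.${now + ttlMs}`;
  const mac = crypto.createHmac('sha256', SECRET).update(payload).digest('hex');
  return `${payload}.${mac}`;
}

// Return the user name for a valid, unexpired token, otherwise null.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [user, expiry, mac] = parts;
  const expected = crypto.createHmac('sha256', SECRET)
    .update(`${user}.${expiry}`).digest();
  const given = Buffer.from(mac, 'hex');
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  if (!/^\d+$/.test(expiry) || Number(expiry) <= now) return null;
  return user;
}

// socket.io middleware: runs once per connection attempt, before any event
// is delivered, so an unauthenticated client never receives namespace data.
function requireToken(socket, next) {
  const auth = socket.handshake.auth;
  const user = verifyToken(auth && auth.token);
  if (!user) return next(new Error('unauthorized'));
  socket.data = { ...socket.data, user };
  next();
}

// Wiring (requires the socket.io package on the server):
//   io.of('/info').use(requireToken);
// Client side:
//   io('https://<host>/info', { auth: { token } });
```

With this middleware registered on the namespace, a connection from another repl without a valid token is rejected with a `connect_error` instead of receiving the namespace's events.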

Wumi4 (486)

It's because repl.it only uses HTTP, not HTTPS, so you can't encrypt your website. The best way is to run it locally on your computer.

nbbcsf (2)

@Wumi4 lol :( probably ditching replit then.