We are using google public stun server in one of our application in the test environment. And, we are also installed Turn server.
The issue is - When we run the app, in the javascript file, we have put username, password and server address of turn server in order to make connection.
But, it shows the credentials in the javascript debugger which is a security issue. Is anybody have a solution how we restrict showing credentials from the javascript file ?
We are using google public stun server in one of our application in the test environment. And, we are also installed Turn server.
The issue is - When we run the app, in the javascript file, we have put username, password and server address of turn server in order to make connection.
But, it shows the credentials in the javascript debugger which is a security issue. Is anybody have a solution how we restrict showing credentials from the javascript file ?
Share Improve this question edited May 8, 2015 at 14:17 deceze♦ 523k88 gold badges799 silver badges941 bronze badges asked May 7, 2015 at 18:57 Bhupinder SinghBhupinder Singh 2842 silver badges15 bronze badges1 Answer
Reset to default 9The TURN password is always exposed to Javascript. See https://datatracker.ietf/doc/html/draft-uberti-behave-turn-rest-00 for the most monly employed workaround.