
I see a couple ways to combat that.

* Your TURN server should provide APIs that allow you to verify that allocations/permissions are only created for your users.

* Use an auth mechanism that has an expiry time. Like [0]

[0] https://github.com/pion/turn/tree/master/examples/lt-cred-ge...



> * Your TURN server should provide APIs that allow you to verify that allocations/permissions are only created for your users.

coturn provides these APIs; they're not covered in the writeup, though.

> * Use an auth mechanism that has an expiry time. Like [0]

This is how the credentials server in the writeup works.
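
The expiring-credential approach discussed in both comments, as an added example (not code from the thread, pion or coturn). It assumes the shared-secret scheme in which the username is `<unix-expiry>:<user>` and the password is base64(HMAC-SHA1(secret, username)); `Mint`, `Verify` and `sign` are hypothetical names.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Mint is the credentials-server side: the expiry travels inside the username.
func Mint(secret []byte, userID string, ttl time.Duration, now time.Time) (string, string) {
	username := strconv.FormatInt(now.Add(ttl).Unix(), 10) + ":" + userID
	return username, sign(secret, username)
}

// sign derives the password, so the TURN side needs no per-user database.
func sign(secret []byte, username string) string {
	mac := hmac.New(sha1.New, secret)
	mac.Write([]byte(username))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// Verify is the TURN-side check. A real server uses the derived password as the
// MESSAGE-INTEGRITY key; the direct comparison here stands in for that step.
func Verify(secret []byte, username, password string, now time.Time) (string, error) {
	expStr, userID, ok := strings.Cut(username, ":")
	exp, err := strconv.ParseInt(expStr, 10, 64)
	if !ok || userID == "" || err != nil {
		return "", errors.New("malformed username")
	}
	if !hmac.Equal([]byte(sign(secret, username)), []byte(password)) {
		return "", errors.New("bad credential") // also catches an edited expiry
	}
	if now.Unix() > exp {
		return "", errors.New("credential expired")
	}
	return userID, nil // identity to check allocations/permissions against
}

func main() {
	now := time.Unix(1700000000, 0) // constructed clock; secret below is constructed
	u, p := Mint([]byte("constructed-demo-secret"), "alice", 10*time.Minute, now)
	_, err := Verify([]byte("constructed-demo-secret"), u, p, now.Add(11*time.Minute))
	fmt.Println(u, p, err)
}
```

A leaked credential stops working once the embedded expiry passes, and the user ID returned by `Verify` is what a server-side allocation check would compare against the list of known users.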



