javascript security google-chrome webrtc easyrtc

Security issue with exposing TURN server credentials in WebRTC


We are using Google's public STUN server in one of our applications in the test environment, and we have also installed a TURN server.

The issue is: when we run the app, in the JavaScript file, we have put the username, password and server address of the TURN server in order to make the connection.

But it shows the credentials in the JavaScript debugger, which is a security issue. Does anybody have a solution for how we can restrict showing credentials from the JavaScript file?


Solution

  • The TURN password is always exposed to JavaScript. See https://datatracker.ietf.org/doc/html/draft-uberti-behave-turn-rest-00 for the most commonly employed workaround.
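
The workaround in the linked draft, sketched in Node.js as an added example that is not part of the original answer: the web server holds a secret shared with the TURN server and hands each authenticated user a credential whose username is `expiry:userId` and whose password is the base64 HMAC-SHA1 of that username, so the value visible in the debugger expires while the secret stays server-side. The function names, the user id and the `turn.example.org` URI are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// HMAC-SHA1 over the username, keyed with the secret shared with the TURN server.
function turnHmac(sharedSecret, username) {
  return crypto.createHmac('sha1', sharedSecret).update(username).digest();
}

// Web-server side: issue a time-limited credential for an already-authenticated user.
// nowSeconds is passed in so the result is deterministic in tests.
function issueTurnCredentials(sharedSecret, userId, ttlSeconds, nowSeconds) {
  const expiry = nowSeconds + ttlSeconds;        // Unix time after which the credential is invalid
  const username = `${expiry}:${userId}`;        // "timestamp:userid" as in the draft
  return {
    username,
    password: turnHmac(sharedSecret, username).toString('base64'),
    ttl: ttlSeconds,
    uris: ['turn:turn.example.org:3478?transport=udp'], // constructed placeholder URI
  };
}

// TURN-server side: the check that makes a leaked credential useless after expiry.
function verifyTurnCredentials(sharedSecret, username, password, nowSeconds) {
  const m = /^(\d+):/.exec(username);
  if (!m) return false;                          // no expiry prefix
  if (Number(m[1]) < nowSeconds) return false;   // credential has expired
  const expected = turnHmac(sharedSecret, username);
  const given = Buffer.from(password, 'base64');
  // Constant-time compare; the length check avoids timingSafeEqual throwing.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample values.
const SECRET = 'constructed-shared-secret';
const NOW = 1700000000;
const cred = issueTurnCredentials(SECRET, 'alice', 3600, NOW);

// What the page's JavaScript would pass to RTCPeerConnection.
const iceServers = [{ urls: cred.uris, username: cred.username, credential: cred.password }];

console.log(iceServers);
console.log('valid now:', verifyTurnCredentials(SECRET, cred.username, cred.password, NOW));
console.log('valid after ttl:', verifyTurnCredentials(SECRET, cred.username, cred.password, NOW + 3601));
```

On coturn, this scheme corresponds to the `use-auth-secret` and `static-auth-secret` settings; keep the TTL short and issue credentials only from an endpoint that requires the user's session.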