authentication - Websocket Security -

-

i looking implement web (angular) , iphone apps using websockets communicate our server. in past using http requests have used hashes using request data, url, timestamp etc authenticate , secure requests.

as far aware can't send headers websockets requests therefore wondering how can secure each request.

does have ideas or practices?

having secure communication server includes authenticating both parties each other. if need channel different users different authentication credentials through 1 communication channel (which rare idea nowadays), you'll need separate authentication. otherwise, need come key distribution scheme (so apps know public keys of server , server has protocol of getting acquanted public keys of clients, there plenty of patterns this).

to that, there choice gradient bit wider ssl or own crypto (try avoid writing own crypto @ cost).

for webserver-to-browser part of stack, ssl choice, shouldn't considered safety measure, each year unfolds more , more vulnerabilities, cipher degradation cases , trust problems. carries 20 years of baggage of bad engineering decisions , urgent fixes, if can better - it's worth doing so. still, it's better nothing regular webs.

in mobile app use 1 of number of cryptographic libraries providing secure session messaging server higher security guarantees, no reliance:

  • https://github.com/mochtu/libsodium-ios, libsodium-ios, ios wrapper nacl, 1 of best modern cryptographic libraries, has lots of novel implementations ecc cryptography, highly praised in academic circles , written madman keen have best performance under circumstances (in short: adore :) ).

  • themis, project i'm contributor in, have objc-friendly ios version of our library, , handy tutorial on doing secure traffic on websockets in ios: https://www.cossacklabs.com/building-secure-chat


Comments

Post a Comment

Popular posts from this blog

Fail to load namespace Spring Security http://www.springframework.org/security/tags -

-
i have problem namespace of spring security on xhtml page. don't understand why can't load uri, , have following issue: whitelabel error page application has no explicit mapping /error, seeing fallback. tue jul 21 16:58:12 utc 2015 there unexpected error (type=not found, status=404). please need help! possible uri has been changed? best regards you using incorrect namespace url. correct url http://www.springframework.org/schema/security the error page seeing spring source website since not recognize url. try visiting http://www.springsource.org/security/tags in browser update : spring security tags used in jsp page correct tag lib declaration is: <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
Read more

sql - MySQL query optimization using coalesce -

-
can explain me why second query faster first? (first 1 takes around 40 seconds, second 1 less 0.1) select releases.feature_code, releases.platform_id, version, release_date, general_available, uri, filesize, display_name, feature_name.full_name, if ((select exists(select 1 release_exceptions releases.feature_code = release_exceptions.feature_code , releases.platform_id = release_exceptions.platform_id , releases.version = release_exceptions.version) = 1), 1, 0) release_exceptions releases left outer join platform using(platform_id) left outer join feature_name using(feature_code) order version desc; ~~~ query 2 ------------------ ~~~ select feature_code, version, release_date, general_available, platform_id, uri, filesize, display_name, feature_name.full_name, coalesce(release_exceptions, 0) release_exceptions mus.releases left outer join ( select distinct feature_code, version, platform_id, 1 release_exceptions mus.release_exceptions ) release_exceptions using ...
Read more

unity3d - Unity local avoidance in user created world -

-
i'm using unity3d networked multiplayer online game have large complex 3d terrain scene forest, trees, cliff, hills, mountains, bounders, etc. players can build structures sort of minecraft, , put them anywhere in scene, or move them around anytime. aside human controlled players, there automated ai players , objects animals roaming around scene following path. the problem how make these automated ai players , animals, able navigate around static , dynamic player created structures, because path follow can blocked player created structures, or other players , other ai objects, cliffs etc. have find away around them or on track if tumble down off high cliff example. so made navmesh , used navagents, takes care of static, non moving objects, how make ai players navigate around each other , dynamic structures created players can number in hundreds? i thought of adding navmeshobstacle everything, result in being attached hundreds of objects since user created structures b...
Read more