A chat with nowjs or socket.io is one of the easiest exercises you can perform with them. I want to implement a multi-room chat (with a non-fixed number of rooms and logged users), using nowjs' Group objects.
I've not worked with WebSockets directly, yet, and I want to know what security concerns are there. For example, how often do I have to check for authentication?
Is it possible for an attacker to "hijack" a socket.io connection and how can I prevent it?
What other security traps are there to be concerned?
Socket.io is a javascript library that helps us to build real time web applications like chats and multiplayer games, without having to deal with all the complexity of web sockets.
Man-in-the-middle is certainly a consideration. The biggest security issue, though, would be XSS.
This useful SO thread suggests:
This very informative article suggests:
This useful thread says to set secure:true on socket.io.connect(...)
I'd recommend taking all those suggestions :)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With