
WebSockets meets Security

Posted by Developer.Press on June 11, 2013 at 7:28 AM PDT

WebSockets are intended to build bidirectional connections between a web browser and a server. This must be done in a safe way. In addition, WebSockets have a huge disadvantage (to put it politely).

WebSockets, the safe way

For WebSocket connections you must follow the same rules as for all network connections: the communication partners must be authenticated if necessary, and if the transmission contains sensitive data, the connection must be encrypted.
In the case of WebSockets, the server authenticates the client using the usual HTTP authentication mechanisms such as cookies, HTTP authentication or TLS authentication. For encryption you can use TLS (Transport Layer Security). While a conventional WebSocket connection is established via HTTP, a protected one uses HTTPS. The distinction is based on the URI schemes:

Normal connection: ws://{host}:{port}/{path to the server}
Secure connection: wss://{host}:{port}/{path to the server}
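
The two rules above, applied to the opening handshake on the server side, as an added example that is not code from the original post. The session store, the "sid" cookie name, the request shape ({ headers, encrypted }) and the function names are assumptions made for illustration.

```javascript
'use strict';
// Added example: decide whether to accept a WebSocket upgrade request.
// SESSIONS, the "sid" cookie and authorizeUpgrade() are hypothetical names.

// Constructed sample session store: session id -> session record.
const SESSIONS = new Map([
  ['s3ss10n-alice', { user: 'alice', sensitive: true }],
  ['s3ss10n-guest', { user: 'guest', sensitive: false }],
]);

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 1) continue; // skip empty or nameless pairs
    jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// req.headers uses lower-case header names; req.encrypted is true when
// the handshake arrived over TLS, i.e. the client used wss://.
function authorizeUpgrade(req, sessions = SESSIONS) {
  const h = req.headers;
  // The opening handshake is an HTTP request carrying "Upgrade: websocket".
  if ((h.upgrade || '').toLowerCase() !== 'websocket') {
    return { status: 400, reason: 'not a WebSocket handshake' };
  }
  // Authenticate as for any other HTTP request: here, by session cookie.
  const session = sessions.get(parseCookies(h.cookie).get('sid'));
  if (!session) {
    return { status: 401, reason: 'no valid session' };
  }
  // Sensitive data may only travel over an encrypted (wss://) connection.
  if (session.sensitive && !req.encrypted) {
    return { status: 403, reason: 'wss:// required' };
  }
  return { status: 101, user: session.user }; // 101 Switching Protocols
}
```
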

Regardless of the authentication and / or encryption of the data, the well-known principle
