Is it safe to use getSocket js?

M

michaelromanov902017-09-27 20:19:16

Information Security

michaelromanov90, 2017-09-27 20:19:16

Good afternoon. I'm making a website, and implemented private messaging (chat) in it. I

used Ratchet on the php side. On the js side, WebSocket works.

I'm afraid that 3rd parties might be listening on port :8080

Is this possible? Is it possible to do this from the browser debugger console?

To be honest, I don't rummage about security as I should. Will switching to https help in this case? (ws->wss) And how to close the debugger console like Facebook does?

Of course, I’m not making an application for a bank, and I don’t think that everyone will want to hack my projects, but I want to understand the risks in the future ..

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Viktor, 2017-09-28
@michaelromanov90

Of course port 8080 can be listened to.
Closing the console does nothing to improve security.
The correct solution would be to send data only to those users who have access to this data, and not send everything to everyone and then decide in js to show or not to show.
Switching to wss will protect users from wiretapping and traffic spoofing, just like switching to https protects http traffic.