PHP
Vadim Stepanenko, 2018-03-19 19:44:41

Is this implementation of private socket requests safe?

Hello!
I found a working socket server for chat on github (only for chat). I fiddled with it, made a content update on it and some other little things. There was a need to send personal notifications to a specific user. As far as I understand, this is not provided for in the current implementation of the server socket, so the following idea appeared:
1. Attach an encrypted key to the message (receiver's name + salt)
2. On the PHP side, when authorizing, put the cipher (the same username + salt) into $_SESSION['hash']
3. When a message is sent, it is sent to all users. And on the client side of each user, check the keys, if they match, then show a notification
Is such an implementation of personal socket requests safe?


2 answer(s)
Andrey Tsvetkov, 2018-03-19
@yellow79

Quite a strange interaction scheme, especially about "send to everyone".
When connecting to a socket server, each client sends identifying information: id, name, whatever. Then, when you want to send a message that is not meant for everyone, send it only to those for whom it is intended. You should end up with an array of objects that holds the identifying information you will use to decide whom to send to, plus a link to the connection over which to send the data. Before sending a message, walk through the array: if the info matches the criteria, send; if not, move on to the next element.

Vladimir Skibin, 2018-03-19
@megafax

If you have an implementation on socket.io, then you can implement it through rooms. On connection, the socket itself can be put into certain rooms: a room with all connections of one user from all devices, a notification room, a room for access rights, etc. Later, emit to a specific room.
Your option involves sending data to everyone, which is not correct, since the check happens on the client side; what if there is some kind of "confidential" notification?
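As an added illustration of both answers above (this is example code, not from the question or either answer): a minimal in-memory registry that keeps each connection together with its server-verified user identity and rooms, and routes a personal notification only to that user's connections. The `broadcastAll` method models the scheme from the question, so the difference is visible: every other connection still receives the payload. The `Registry`, `fakeConn` and `demo` names are assumptions; the fake connections stand in for real sockets so it runs offline without socket.io.

```javascript
// Added example (not from the original question or answers): server-side
// routing model with fake connections that record what they were sent.
class Registry {
  constructor() { this.clients = []; }   // entries: { user, rooms: Set, conn }
  // Called once per connection after the client identifies itself. `user`
  // must be the identity the server verified (e.g. looked up from the PHP
  // session), not a name the client merely claims.
  register(conn, user) {
    const entry = { user, rooms: new Set(), conn };
    this.clients.push(entry);
    return entry;
  }
  join(entry, room) { entry.rooms.add(room); }
  // The scheme from the question: everyone gets the payload, the client decides.
  broadcastAll(payload) {
    for (const c of this.clients) c.conn.send(JSON.stringify(payload));
    return this.clients.length;
  }
  // Personal notification: only the connections of `user` (all devices).
  sendToUser(user, payload) {
    let n = 0;
    for (const c of this.clients) {
      if (c.user === user) { c.conn.send(JSON.stringify(payload)); n++; }
    }
    return n;
  }
  // Room-scoped emit, the socket.io-style alternative.
  emitToRoom(room, payload) {
    let n = 0;
    for (const c of this.clients) {
      if (c.rooms.has(room)) { c.conn.send(JSON.stringify(payload)); n++; }
    }
    return n;
  }
}
// Fake connection: send() just appends to an inbox we can inspect.
function fakeConn() { const inbox = []; return { inbox, send: m => inbox.push(m) }; }
function demo() {
  const reg = new Registry();
  const alicePhone = fakeConn(), aliceLaptop = fakeConn(), bob = fakeConn();
  const a1 = reg.register(alicePhone, 'alice');
  reg.register(aliceLaptop, 'alice');
  const b = reg.register(bob, 'bob');
  reg.join(a1, 'admins'); reg.join(b, 'admins');
  const leaked = reg.broadcastAll({ text: 'for alice', key: 'opaque-hash' }); // bob gets it too
  reg.sendToUser('alice', { text: 'private for alice' });
  reg.emitToRoom('admins', { text: 'admins only' });
  return { alicePhone, aliceLaptop, bob, leaked };
}
```

Running `demo()` shows that the broadcast reaches all three connections (Bob's inbox holds the "for alice" payload and its key), while `sendToUser` and `emitToRoom` deliver only to the matching connections.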
