Xsmael

Reputation: 3932

Websocket based app, Security and Real-time good practice?

I'm using WebSocket for real-time communication in my mobile app project. I implemented basic security logic: to connect to the server, the client must have a key.

- When the client connects to the server, it immediately sends a JSON object containing authentication information:

{
    "action": "auth",
    "device_id": "string",
    "auth_key": "string",
    "user": "string"
}

- The server replies with a session id if the key is correct, or drops the connection. From then on, every piece of data sent by the client is a JSON object carrying that session id, so that the server can recognize it; all unknown clients are dropped.

Now the big problem is that the WebSocket protocol doesn't understand JSON, so I have to use JSON.stringify() and JSON.parse() to send my data through. I also have to check whether the session id is valid. This takes time, and the application is not smooth anymore (before it was).

For example, if it records mouse pointer moves, that data is sent to the server as the mouse is moving, so it sends data several times in a short period, and because of the logic I've implemented, it's not smooth at all:

{
    "session_id": "string",
    "user": "string",
    "action": "mousemove",
    "position": {
        "x": 120,
        "y": 340
    }
}

My concerns are:

- Secure the server, so that no one can access it and send commands without authorization.

- Keep it REALLY real-time.

- Have a good data format (JSON if possible).

Upvotes: 1

Views: 750

Answers (1)

Vitaly Kulikov

Reputation: 723

To really make your communication secure, you need to use a TLS connection. What you are doing with user authentication looks OK.

But it's strange that authentication time is a problem for you; probably you need to implement a session cache to make session id validation quicker.

JSON isn't the best format for transferring data over the network from a size perspective, but the WebSocket specification doesn't mandate a format; it's up to you what to use, and JSON is also OK unless you are really concerned about traffic savings.

To make your communication smooth, you can aggregate data on the client side and send it once per second, for example. I believe you don't actually need so many mouse coordinates.

Upvotes: 2
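The client-side aggregation suggested in the answer, as an added example that is not part of the original post. MoveBatcher, its options and the injected clock are assumptions made so the block runs without a browser; in a page you would construct it with socket.send as sendFn and call scheduleFlush with the real setInterval. The idea is that the mousemove handler only appends to an array, and one JSON frame per interval carries everything collected since the last flush, so the socket sees about 20 frames per second instead of one per event. A cap on samples per frame keeps a burst of events from growing a frame without bound, and when the cap is hit the newest position overwrites the last slot, since the cursor's current place is what matters.

```javascript
// Added example, not from the original post. Batches mousemove samples into
// one frame per interval instead of one frame per event.
class MoveBatcher {
  // sendFn: function(string) that transmits one frame (e.g. socket.send).
  // intervalMs: flush period; 50 ms gives 20 frames/s, plenty for a cursor.
  // maxSamples: cap on samples per frame so a burst cannot bloat a frame.
  // now: clock function, injected so the logic can be tested without timers.
  constructor(sendFn, { intervalMs = 50, maxSamples = 32, now = () => Date.now() } = {}) {
    this.sendFn = sendFn;
    this.intervalMs = intervalMs;
    this.maxSamples = maxSamples;
    this.now = now;
    this.samples = [];
    this.lastFlush = this.now();
    this.dropped = 0; // count of samples overwritten because the cap was hit
  }

  // Called from the mousemove handler. Cheap: no JSON work happens here.
  // Flushes when the interval has elapsed, so a moving mouse never waits
  // longer than intervalMs for its positions to be sent.
  record(x, y) {
    if (this.samples.length >= this.maxSamples) {
      this.samples[this.samples.length - 1] = [x, y];
      this.dropped += 1;
    } else {
      this.samples.push([x, y]);
    }
    if (this.now() - this.lastFlush >= this.intervalMs) this.flush();
  }

  // Serialize everything collected so far into one frame and send it.
  // Returns the frame object, or null when there was nothing to send.
  flush() {
    this.lastFlush = this.now();
    if (this.samples.length === 0) return null;
    const frame = { action: "mousemove", samples: this.samples };
    this.samples = [];
    this.sendFn(JSON.stringify(frame));
    return frame;
  }
}

// Periodic flush so the final batch goes out after the mouse stops moving.
// setIntervalFn is injected (the browser's setInterval in practice); returns
// the timer handle so the caller can clear it on disconnect.
function scheduleFlush(batcher, setIntervalFn) {
  return setIntervalFn(() => batcher.flush(), batcher.intervalMs);
}

// Browser usage (assumed names; not run here):
//   const batcher = new MoveBatcher((s) => socket.send(s));
//   window.addEventListener("mousemove", (e) => batcher.record(e.clientX, e.clientY));
//   const timer = scheduleFlush(batcher, setInterval);
```

On the server, the matching handler iterates frame.samples instead of expecting one position per message; if only the latest position is needed, the client can keep maxSamples at 1 and the frame shrinks to a single coordinate pair.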
