B4J Question About WebSocket Server Security

Discussion in 'B4J Questions' started by vfafou, Jun 22, 2015.

  1. vfafou

    vfafou Active Member Licensed User

    Hello!
    I need to know which is the best way to secure my web socket server from hacker attacks.
    I'm asking because there is a port of the server open and available to the web, without any security because it is needed to be accessed by several anonymous tablet devices.

    Thank you in advance!
     
  2. Erel

    Erel Administrator Staff Member Licensed User

    It depends on what you are trying to protect. All web servers have an open port. This doesn't make them vulnerable.

    Are you distributing your app over the internet? Do you trust the app users?
     
  3. vfafou

    vfafou Active Member Licensed User

    Hello Erel!
    Yes, I'm distributing my app over Google Play. I don't trust the users. May the app be downloaded from others not related to this app.
    BTW, is there any way to restrict the distribution to specific people?
     
  4. Erel

    Erel Administrator Staff Member Licensed User

    Not through Google Play. You can however create implement a log in form or something similar.

    You should think what will happen if someone decompiles your app and learns how it works. For example if you are sending raw SQL commands from your app, some one can send a malicious command and delete the app.

    Whether there are security concerns depends on your specific solution.
     
  5. vfafou

    vfafou Active Member Licensed User

    There is a login form and all authentication is being with messages sent and received. There is not any SQL from tablets to the server. All SQL commands are executed from server app, inside properly written events.
    The only thing that makes me worry, is that it is needed to make the connection to the web socket server before the authentication, in order to be able to send the credentials to the server!
    Or I have been missing something? :oops:
     
Loading...