B4J Question About WebSocket Server Security

[vfafou]

Hello!
I need to know which is the best way to secure my web socket server from hacker attacks.
I'm asking because there is a port of the server open and available to the web, without any security because it is needed to be accessed by several anonymous tablet devices.

Thank you in advance!

 

[Erel]

It depends on what you are trying to protect. All web servers have an open port. This doesn't make them vulnerable.

Are you distributing your app over the internet? Do you trust the app users?

 

[vfafou]

It depends on what you are trying to protect. All web servers have an open port. This doesn't make them vulnerable.

Are you distributing your app over the internet? Do you trust the app users?

Hello Erel!
Yes, I'm distributing my app over Google Play. I don't trust the users. May the app be downloaded from others not related to this app.
BTW, is there any way to restrict the distribution to specific people?

 

[Erel]

BTW, is there any way to restrict the distribution to specific people?

Not through Google Play. You can however create implement a log in form or something similar.

You should think what will happen if someone decompiles your app and learns how it works. For example if you are sending raw SQL commands from your app, some one can send a malicious command and delete the app.

Whether there are security concerns depends on your specific solution.

 

[vfafou]

There is a login form and all authentication is being with messages sent and received. There is not any SQL from tablets to the server. All SQL commands are executed from server app, inside properly written events.
The only thing that makes me worry, is that it is needed to make the connection to the web socket server before the authentication, in order to be able to send the credentials to the server!
Or I have been missing something?