Security issue with socket.io coding #135

Closed
knvpk opened this issue Dec 15, 2015 · 17 comments

Comments

@knvpk
Contributor

knvpk commented Dec 15, 2015

Anybody can listen to the socket.io channel of another person as well. Is this a security issue?

@REBELinBLUE
Owner

That is a very good point actually, I will have to look into how to use authentication with socket.io/redis pubsub

@knvpk
Contributor Author

knvpk commented Dec 17, 2015

socketio-jwt is for JWT authentication. I don't know about the two links below; I will check out those links.

@REBELinBLUE
Owner

Yeah sorry that was more notes for myself to look at

@knvpk
Contributor Author

knvpk commented Dec 22, 2015

@REBELinBLUE
Owner

Thanks, I will take a look. Just finished work for the holidays so should get a chance to fix this, although probably not until Sunday.

@REBELinBLUE
Owner

Working on this, think I have it working, need to do some testing and some cleanup

@knvpk
Contributor Author

knvpk commented Dec 29, 2015

Hey, thanks. I'm developing a Docker image for this project so that anybody can install it instantly and also scale. But it's still in dev; take a look at https://hub.docker.com/r/katakampavankumar/docker-deployer/.

@REBELinBLUE
Owner

Awesome, thanks. Will take a look in a bit, never actually used docker

@knvpk
Contributor Author

knvpk commented Dec 29, 2015

It's a containerization concept. I really like it and I'm doing everything with Docker now. It's like VirtualBox but application-level virtualization, whereas VirtualBox is hardware-level virtualization.

@REBELinBLUE
Owner

Yeah I know what it is, we are moving to it from OpenVZ at work, I've just never gotten around to actually playing around with it myself ;)

@knvpk
Contributor Author

knvpk commented Dec 29, 2015

I'm also still learning ....

@REBELinBLUE
Owner

I have merged it into master now, seems to be working fine for me, let me know if it works for you.

REBELinBLUE reopened this Dec 29, 2015

@knvpk
Contributor Author

knvpk commented Dec 29, 2015

Sure.

@REBELinBLUE
Owner

Sorry, just realised I haven't updated the update command to generate JWT_SECRET in .env, doing so now

@REBELinBLUE
Owner

Done

REBELinBLUE added a commit that referenced this issue Dec 29, 2015
* master: (27 commits)
  Generate the JWT key
  Added debugging to node.js server JWT middleware
  Move JWT generation to a service provider and use auth.login to generate on login and auth.logout to clear session on logout
  Removed unneeded route
  Work on add JWT to address issue #135
  Revert "Update .phpci.yml"
  Update .phpci.yml
  Fixed indentation
  Fixes #137 by checking if nginx is installed
  Revert "Change StyleCI rules to laravel"
  Change StyleCI rules to laravel
  Clean up code
  Updated dependencies
  Fix the vagrant box version to 0.3.3 until I have time to test PHP 7
  Change hard coded integer to constant
  Updated dependencies
  Fixing update_only field
  Updated dependencies
  Updated dependencies
  Fixed path to coverage reports
  ...
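
As an added illustration of the fix discussed in this thread (not code from this project or from socketio-jwt): a minimal HS256 token check shaped as a socket.io `io.use()` handshake middleware, using only Node.js core. The function names, the `token` query parameter and the mandatory `exp` claim are assumptions; the secret stands in for the `JWT_SECRET` value mentioned above.

```javascript
// Added example: HS256 JWT check for the socket.io handshake (Node.js core only).
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Helper for constructed sample tokens: mints one as the web app would on login.
function signJwt(payload, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const body = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${body}.${b64url(hmac(body, secret))}`;
}

// Returns the claims or throws. `now` (seconds) is injectable for testing.
function verifyJwt(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm: the token header must not choose it (e.g. "none").
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Middleware with the (socket, next) shape accepted by io.use().
function jwtHandshake(secret) {
  return (socket, next) => {
    try {
      socket.user = verifyJwt(socket.handshake.query.token, secret);
      next();
    } catch (err) {
      // Refuse the connection before the client can receive any channel event.
      next(new Error('unauthorized'));
    }
  };
}
```

Registering it as `io.use(jwtHandshake(process.env.JWT_SECRET))` rejects unauthenticated clients at connect time; limiting which channels an authenticated user may receive still needs a per-channel check against `socket.user`.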