The security of the application is an issue. There is currently a complete lack of encryption beyond the client to server masking included in the websocket standard.
I already have an RSA encryption library I wrote for MessageCat which could be implemented, but we would also have to write an RSA library for the JavaScript side. Might not be too difficult to translate this from the existing library.
However, in the interest of increased security in the future, maybe there is the option of using AES, which would be more secure than RSA, my masochistic self wants to implement this myself but perhaps it might be better to stick to existing ones in this scenario. This is a website which might help us with implementing AES encryption in Java, and a JS script which provides an AES library, available on a CDN.
Furthermore, the current implementation of websocket communication is using the insecure ws protocol, we should migrate to accept only the more secure wss protocol. I will need to do some research into how to adapt the current system to use the wss protocol.
Nathcat
commented
3 days ago
The security of the application is an issue. There is currently a complete lack of encryption beyond the client to server masking included in the websocket standard.
I already have an RSA encryption library I wrote for MessageCat which could be implemented, but we would also have to write an RSA library for the JavaScript side. Might not be too difficult to translate this from the existing library.
However, in the interest of increased security in the future, maybe there is the option of using AES, which would be more secure than RSA, my masochistic self wants to implement this myself but perhaps it might be better to stick to existing ones in this scenario. This is a website which might help us with implementing AES encryption in Java, and a JS script which provides an AES library, available on a CDN.
Furthermore, the current implementation of websocket communication is using the insecure
wsprotocol, we should migrate to accept only the more securewssprotocol. I will need to do some research into how to adapt the current system to use thewssprotocol.