Closed hrdwdmrbl closed 12 years ago
The above won't work since someone can still connect directly to the socket. If I wanted to add the thinnest layer of security to the websocket request, a password parameter could be appended to the websocket request, like
ws://localhost:3030/?password=foobar
Where might I add this type of functionality to rubyception? I've really only poked around a very tiny bit in the project.
The websocket server is in lib/rubyception/websocket_server.rb. You would probably need to add this in the onopen event for the websocket, and close the connection if the password is wrong.
Also, depending on the traffic your production site gets, the gem could degrade performance.
These issues (security & performance) will be addressed soon so the gem is more useful in a production environment.
Thanks. Can't wait for those features. :)
I really love the project, but it's completely unusable in production without some form of protection.
I just added
to ApplicationController#index to offer a minimum level of protection. One could even do something like
redirect_to root_url unless current_user.admin?
Is there a recommended way?
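
The password check suggested earlier in this thread (reject the socket in the onopen event when the `password` query parameter is wrong), written out as an added example; this is not code from rubyception or from any participant. `SocketGate` and its methods are hypothetical names, and calling `authorized?` from the onopen handler in lib/rubyception/websocket_server.rb with the handshake's request URI is an assumption about the wiring. A secret in the URL of a plain ws:// connection crosses the network unencrypted and can end up in proxy and server logs, so the check belongs behind wss://.

```ruby
require 'uri'
require 'digest'

# Hypothetical helper (not part of rubyception): decides whether a WebSocket
# handshake may proceed, based on a shared secret in the query string.
module SocketGate
  PARAM = 'password' # parameter name taken from the thread's example URL

  # Returns the value of the password parameter, or nil if absent or malformed.
  def self.extract_password(request_uri)
    query = URI.parse(request_uri).query
    return nil if query.nil?

    values = URI.decode_www_form(query).select { |k, _| k == PARAM }.map(&:last)
    # Reject duplicated parameters instead of guessing which one counts.
    values.length == 1 ? values.first : nil
  rescue URI::InvalidURIError, ArgumentError
    nil
  end

  # Compares two equal-length strings without returning early on a mismatch.
  def self.constant_time_equal?(a, b)
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # True only when exactly one password parameter is present and it matches.
  def self.authorized?(request_uri, expected)
    return false if expected.nil? || expected.empty? # fail closed when unset

    supplied = extract_password(request_uri)
    return false if supplied.nil?

    # Hash both sides so the compared strings always have the same length.
    constant_time_equal?(Digest::SHA256.digest(supplied),
                         Digest::SHA256.digest(expected))
  end
end
```

When `authorized?` returns false, the handler should close the connection before subscribing the client to any log output.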