I am trying to integrate Firebase with my Cocos2d-JS application. Unfortunately, Cocos2d-JS does not support secure websockets, so I am trying to connect to Firebase using the WS protocol. Firebase is returning a 404 when I try this. Is it possible to enable the unsecured websocket endpoint with Firebase? It would be great to use this while developing, and then work on getting secure websockets working once the game is finished. The game is just for a uni project, so security is not a major concern.
Per #Kato's comment, this is not currently possible. You must use SSL.
If this is something you need, please make a Cocos2d-JS feature request or a Firebase feature request.
Related
I learned the hard way that the browsers' WebSocket API does not support back-pressure. Is there a way to work around this limitation without having to manually implement control flow on the application layer protocol? Would it for example be possible to implement a full WebSocket client in WASM, instead of having to proxy everything through the browser's API?
Back-pressure: no changes to the protocol that are addressing this issue are published to this time.
WebAssembly: there is no access to the WebSocket API (or any other) at this time from a pure WebAssembly module. You will have to use JavaScript in one way or another.
When we use Google Apps Script to call the Google/YouTube API (such as YouTube API, YouTube Content ID API etc), 3 legged oAuth authentication approach, sometimes we got the message "backend error". If we tried again, the same call would be successful. The backend error rate sometimes is pretty high.
We also used (we also could use) Google Cloud Client Library and service account to call Google/YouTube API, 2 legged oAuth authentication approach to make the same API call.
Due to Google encourages us to use newer Cloud Client Library if we can ,instead of the older API library, I am wondering will the backend error rate going down if we use the Google cloud client library calling the Google API instead.
Or backend error is purely on Google Backend, it does not matter which library we use to call the API?
Thanks!
Google Cloud's Client Libraries can give you some performance benefits by using gRPC. This is because gRPC-enabled API clients use protocol buffers and gRPC over HTTP2 to talk to the RPC interface.
Protocol buffers are smaller and faster than using JSON over HTTP to the REST interface. So, in a way, they're better for everyone and can provide lots of benefits in terms of throughput and CPU usage.
But, if there's a fail after the backend's RPC interface, then there is no difference.
Also note that they could provide an exponential backoff strategy to handle errors and retries.
I'm working on a PoC of a system where a mobile app client needs to be connected on a server with communications going both ways : either for updating the server or being updated by it. There is no client-to-client communications for the moment.
The client logs in the server via an HTTPS/POST method and gets back a token if the credentials are OK. This token is to be used by any further communication in order to authenticate the user. The reason why I'm using HTTPS for logging in is that there also is a web interface for other purposes.
I could not find a tutorial or documentation that explains how to implement this use case with channels based on websocket transport. All I found so far are either partial and focus on some specific aspects (eg authentication, setting SSL/TLS, etc) and assume the reader already knows the rest or are the over simplified implementations of the chat app. I'm sure I'm not looking at the right place...
My questions are:
What would be the list of callback to implement this use case on
either side
On the server: how does a process send notifications to the
client
NB: I'm using Elixir 1.5.1 and Phoenix 1.3
From the Phoenix guide:
Each Channel will implement one or more clauses of each of these four callback functions — join/3, terminate/2, handle_in/3, and handle_out/3.
The page I linked contains also an MCVE of sockets running on Phoenix. In the bottom there are examples of how the server-client communication is done.
The only thing to apply this to your use-case would be to use one of authentication libraries (e.g. Überauth that comes with great examples) to handle token on each subsequent connection request.
More of a question of understanding rather than looking for a technical solution. I'm on a team working to build an iOS application that needs database support. We're using Swift for the application code. A Django REST API wraps a MySQL database on the backend. The two are communicating over HTTP using Swift's NSURLSession class.
We will be passing password information over one of the http requests, and so we want to up the requests to HTTPS. On the API side we can force traffic through SSL middleware using django-ssilfy.
My concern is that including this library does nothing on the client-side. As far as I know we will only need to change the url to include 'https://' rather than 'http://'. It seems that the data passed will only be secure once it reaches the API, rather than over the entire connection.
Is there anything we must do to secure the data being passed over the NSURLSession on Wi-Fi and mobile networks? Or is simply pointing the session at an API view that is throttled through a SSL port enough to ensure the request is secure?
Please let me know if I am way off track or if there is any steps other than django-ssilfy that I should take in order to make all http communication secure!
Go SO!
This question is more about whether or not SSL is secure, and less about if any of the tools that are being used make it less secure.
Luckily the Information Security Stack Exchange has your answer with an in-depth explanation as to how TLS does help secure your application.
When it comes to securing your Django site though, django-sslify is a good start, but it's not the magic cure to security issues. If you can, it's recommended to not serve insecure responses, which works well for API hosts (api.github.com is one example), but not if your API is hosted on the same domain as your front-end application. There are other Django apps available that are recommended, such as djang-secure (parts of which were integrated into Django 1.8).
You should also follow the Django security recommendations, and revisit them with new major releases. There are other resources you can look at, like "Is Django's built-in security enough" and many other questions on the Information Security Stack Exchange.
I'm trying to develop an extension that detects every connection made by the browser to figure out the URLs being accessed. I know that this is possible via writing an HTTP/SOCKS proxy and configuring the browser to flow traffic via that. However, that's kind of overkill for the application that I'm trying to develop and it's best done as a Firefox Add-on if that's possible. Any clues/pointers would be highly appreciated.
Use nsIHttpActivityDistributor and there is many information about the http transaction and socket transport through observeActivity callback.
Read the official documentation https://developer.mozilla.org/en/Monitoring_HTTP_activity.