Securing a chat application (on the client side)
I've been messing around recently with a simple IM-like web app that uses Rails for the backend, and a pub/sub library called Faye. I've been experimenting with Faye and it's pretty good, although I have also been delving into socket.io (Faye has the ability to use websockets). I'm also using a gem called private_pub which 'secures' Faye.
Onto the question...
Are there any good sources of information for 'securing' socket.io?
Ideally, what I want to do is only allow for people that are authenticated to send/receive messages (so you'd need to be authenticated to send a message).
I've looked into authorisation for socket.io but if anyone would be willing to share a few tips and whatnot it would be greatly appreciated!
~Adil
Re: Securing a chat application (on the client side)
Just have the user authenticate via some auth event when they connect, then reject any messages they send and/or disconnect them and display such on the client.
I have no idea what such an authentication would look like because it depends highly on what you're making, so that's your part.
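One way the auth-event approach from the reply above could look, as an added example that is not code from any poster in this thread. It assumes the Rails backend hands the logged-in browser an HMAC-signed token of the form `userId.expiry.mac`; the shared secret, the event names (`auth`, `chat`) and all function names are hypothetical, and user ids are assumed not to contain a dot.

```javascript
// Added example; issueToken, verifyToken, gate and the event names are assumptions.
const crypto = require('node:crypto');

const sign = (payload, secret) =>
  crypto.createHmac('sha256', secret).update(payload).digest('hex');

// What the backend would do after login: bind a user id to an expiry time.
function issueToken(userId, expiresAtMs, secret) {
  const payload = `${userId}.${expiresAtMs}`;
  return `${payload}.${sign(payload, secret)}`;
}

// Returns the user id for a valid, unexpired token, otherwise null.
function verifyToken(token, secret, nowMs = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [userId, expires, mac] = parts;
  const expected = Buffer.from(sign(`${userId}.${expires}`, secret));
  const given = Buffer.from(mac);
  // Constant-time compare; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  if (!/^\d+$/.test(expires) || Number(expires) <= nowMs) return null;
  return userId;
}

// Attach the gate to a socket.io-style socket (on / emit / disconnect).
function gate(socket, secret, onChat, nowMs) {
  let userId = null; // per-connection state, set only by a valid token
  socket.on('auth', (token) => {
    userId = verifyToken(token, secret, nowMs);
    if (userId === null) {
      socket.emit('auth_failed');
      socket.disconnect();
    } else {
      socket.emit('auth_ok');
    }
  });
  socket.on('chat', (text) => {
    if (userId === null) { // never authenticated: reject and drop
      socket.emit('rejected', 'not authenticated');
      socket.disconnect();
      return;
    }
    // Sender identity comes from the verified token, never from the client payload.
    onChat(userId, String(text));
  });
}
```

The same per-connection `userId` check belongs in front of anything that subscribes the socket to a channel, so unauthenticated clients cannot receive messages either.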
Re: Securing a chat application (on the client side)
You're using Ruby on Rails for the backend? Umm... Ruby would be more suitable for creating a chat server than its web application framework Ruby on Rails would be. I'd recommend Node.js as well, though you probably know Ruby more than JavaScript, and Ruby can do a fine job of it.
As jMerliN said, it's somewhat difficult to give you specific advice without knowing the inner workings of your chat server. Depending on how the chat server and client are set up, 2-way authentication may be appropriate - though it may not be. Do some research into client server authentication.
Re: Securing a chat application (on the client side)
Have a look at the Secure Sockets Layer (SSL) and the Transport Layer Security (TLS): see "Transport Layer Security" on Wikipedia.
They are protocols to provide communication security over Sockets. This includes authentication as well.