Comments (6)
Hey @Doclassif, can you elaborate on why you think that might be unreliable?
from reverb.
Hi @joedixon, it seems to me that anything can be hacked and stolen, including keys, application IDs, and so on. Authenticating the client on the rewerb side would make it more secure to identify the user ID of a token "generated on the other side" (e.g. in the same keycloak).
from reverb.
@Doclassif, still not 100% sure I'm following how keys can be stolen. Could you give me an example just so we're on the same page?
from reverb.
@joedixon, it's very simple: take the developer hostage =). Human factor, somewhere they didn't keep track and a vulnerability appeared in the cluster, somewhere they just didn't protect it properly and so on. I realize that the solution may be redundant and I am exaggerating everything very much, but still just want to know the point of view of professionals and parents of the project.
from reverb.
Reverb is implemented with the Pusher protocol. It's possible to join public channels without auth, but private and presence channels have to be authorized first before being allowed to join. We also have support for encrypted channels if you need end to end encryption.
from reverb.
@joedixon, I've heard all I need to hear, thank you.
from reverb.
Related Issues (20)
- Reverb not sending any event to client HOT 11
- Event broadcasting wrongly serialize payload HOT 2
- I have issue in reverb broadcasting HOT 5
- Reverb with Self-Signed Certificate and Supervision as Queue Worker HOT 5
- I have issue in reverb broadcasting with Laravel Forge HOT 5
- Add backend listener for presence channel events to log user attendance HOT 11
- Backward compatibility. HOT 1
- Reverb\Http\Server dispatches requests without request body (intermittently) HOT 7
- Health check endpoint to support GKE deployment using GCE Ingress
- Laravel Reverb with Octane HOT 1
- Pusher error: Internal server error.. HOT 8
- could not find driver (Connection: mysql, SQL: select * from `cache` where `key` = laravel:reverb:restart limit 1) HOT 2
- redis is empty HOT 1
- Reverb on Subdomain can't initiate websocket server HOT 1
- Can we have a bidirectional connection with reverb?? from client to server and from server to client?? HOT 4
- In listener broadcast back job hanging on CURL Error HOT 20
- When activated for more than a day, it connects very slowly HOT 12
- Reverb not connectable locally via WebSocket (404) HOT 5
- Echo not subscribing to Reverb on production (works fine on my local) HOT 1
- Bubble up Exceptions HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from reverb.