@pkirch
Created January 23, 2020 13:18
Summary of research on best practices for, and securing of, Web Sockets used in a client-server architecture. (No browser-server scenario.)

Best Practices for and Securing of Web Sockets

In one of our customer projects, we used Web Sockets for client-server communication of real-time data.

Question

What are the characteristics of Web Sockets vs. raw TCP sockets?

Answer

Raw TCP Sockets and Web Sockets

  • full-duplex connection
  • implementation is library-dependent and OS-independent

Web Sockets

  • message-oriented via frames (Source)
  • runs on the application layer on top of HTTP
  • compatible with most firewalls and proxies
  • compatible with most modern web browsers
  • no automatic recovery of terminated connections
  • encryption included through wss, incl. protection against man-in-the-middle attacks

Raw TCP Socket

  • faster than Web Sockets (on the order of 10x) (Source)
  • runs on the transport layer on top of TCP
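
Added example (not part of the original gist): a minimal RFC 6455 frame encoder and server-side decoder in Python, showing how "message-oriented via frames" sits on top of a TCP byte stream that delivers data in arbitrary chunks. It also enforces two checks a server should make: client frames must be masked, and frame size is capped. Function names and sample payloads are constructed for illustration; control frames and fragmented (continuation) messages are not handled.

```python
import struct

def encode_frame(payload, opcode=0x1, mask_key=b"", fin=True):
    """Build one frame; clients pass a 4-byte mask_key, servers pass none."""
    mask_bit, n = (0x80 if mask_key else 0), len(payload)
    # 7-bit length code, followed by a 2- or 8-byte extended length when needed
    code = n if n < 126 else 126 if n < 1 << 16 else 127
    ext = b"" if n < 126 else struct.pack("!H" if code == 126 else "!Q", n)
    head = bytes([(0x80 if fin else 0) | opcode, mask_bit | code]) + ext
    if mask_key:
        payload = bytes(b ^ mask_key[i % 4] for i, b in enumerate(payload))
    return head + mask_key + payload

def decode_frames(buf, require_mask=True, max_len=1 << 20):
    """Pop complete frames from bytearray buf as (fin, opcode, payload);
    bytes of a trailing partial frame stay in buf for the next TCP read."""
    frames = []
    while len(buf) >= 2:
        fin, opcode = bool(buf[0] & 0x80), buf[0] & 0x0F
        masked, n, pos = bool(buf[1] & 0x80), buf[1] & 0x7F, 2
        if require_mask and not masked:
            raise ValueError("unmasked frame from client")
        if n >= 126:  # extended length: 2 bytes for 126, 8 bytes for 127
            fmt, pos = ("!H", 4) if n == 126 else ("!Q", 10)
            if len(buf) < pos:
                break
            n = struct.unpack_from(fmt, buf, 2)[0]
        if n > max_len:
            raise ValueError("frame exceeds size limit")
        end = pos + (4 if masked else 0) + n
        if len(buf) < end:
            break  # frame not complete yet, wait for more bytes
        data = bytes(buf[end - n:end])
        if masked:
            key = buf[pos:pos + 4]
            data = bytes(b ^ key[i % 4] for i, b in enumerate(data))
        frames.append((fin, opcode, data))
        del buf[:end]
    return frames

def demo():
    # Constructed sample: two masked client text frames arriving in 5-byte TCP reads.
    key = b"\x11\x22\x33\x44"  # fixed for the demo; real clients use a fresh random key per frame
    wire = encode_frame(b"tick 101.5", mask_key=key) + encode_frame(b"tick 101.7", mask_key=key)
    buf, out = bytearray(), []
    for i in range(0, len(wire), 5):
        buf += wire[i:i + 5]
        out += decode_frames(buf)
    return out
```

With a raw TCP socket the application has to define this kind of framing itself; Web Sockets specify it, including the length and masking fields checked here.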

Links & References
