Security in Websockets

After reading this article I am wondering how does Phoenix handle security in Websockets?

1 Like

Well that article was not about websocket security at all. ^.^

Passing tokens via a websocket for authentication is pretty standard and secure, in addition both Slack and Phoenix do it the same way.

The issue in the article was cross-origin messaging in Slack being insecure, and Phoenix does not touch that at all by default so if you open up such a security issue then it will be by your own doing. :wink:


That explains it…Thanks a lot @OvermindDL1