After reading this article I am wondering how does Phoenix handle security in Websockets?
1 Like
Well that article was not about websocket security at all. ^.^
Passing tokens via a websocket for authentication is pretty standard and secure, in addition both Slack and Phoenix do it the same way.
The issue in the article was cross-origin messaging in Slack being insecure, and Phoenix does not touch that at all by default so if you open up such a security issue then it will be by your own doing.
4 Likes