Common attacks
For now, what you need to know is that the protocol is designed to be as secure
as possible. Be careful though! WebSocket is a brand-new protocol and not all web
browsers implement it correctly. For example, some of them still allow mixing
HTTP and WS, although the specification implies the opposite. Everything is subject
to change, and while waiting for the browsers to mature, you can easily adopt some
protection techniques yourself.
So, the old-school problems are not solved. Remember those bad people who sniffed
HTTP and intercepted the web traffic? Well, WS can be sniffed the same
Here are some common security attacks you need to be aware of, and consequently,
some ways you can protect your app and your users.
Denial of Service
Denial of Service (DoS) attacks attempt to make a machine or network resource
unavailable to the users that request it. Imagine that someone makes an infinite number
of requests to a web server with no or tiny time intervals. Obviously, the server won't
be able to handle every connection and will either stop responding or will keep
responding too slowly. That's the simplest form of a DoS attack.
There is no need to mention how frustrating this might be for the end-users, who could
not even load a web page.
A DoS attack can even apply to peer-to-peer communications, forcing the clients of a
P2P network to concurrently connect to the victim web server.
The following figure describes a DoS attack:
Figure: DoS attack
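One protection technique against the "requests with no or tiny time intervals" pattern described above is to throttle connection attempts per client before the WebSocket handshake is accepted. The following is an added example, not code from the original text; the names createHandshakeLimiter, allow, sweep and runSample, the thresholds, and the sample addresses are all assumptions made for illustration.

```javascript
// Sliding-window limiter for WebSocket handshake attempts, keyed by client address.
// All names and thresholds are hypothetical; timestamps are in milliseconds.
function createHandshakeLimiter({ maxAttempts, windowMs, blockMs }) {
  const clients = new Map(); // address -> { attempts: number[], blockedUntil: number }

  function allow(address, nowMs) {
    let state = clients.get(address);
    if (!state) {
      state = { attempts: [], blockedUntil: 0 };
      clients.set(address, state);
    }
    if (nowMs < state.blockedUntil) return false; // still serving a penalty
    // Drop attempts that have aged out of the window.
    while (state.attempts.length && nowMs - state.attempts[0] >= windowMs) {
      state.attempts.shift();
    }
    if (state.attempts.length >= maxAttempts) {
      state.blockedUntil = nowMs + blockMs; // too many attempts: start a penalty
      return false;
    }
    state.attempts.push(nowMs);
    return true;
  }

  // Remove idle clients so the limiter's own table cannot grow without bound.
  function sweep(nowMs) {
    for (const [address, state] of clients) {
      const last = state.attempts[state.attempts.length - 1] || 0;
      if (nowMs >= state.blockedUntil && nowMs - last >= windowMs) {
        clients.delete(address);
      }
    }
    return clients.size;
  }

  return { allow, sweep };
}

// Constructed sample: one client connecting every 10 ms, another every 2 s.
function runSample() {
  const limiter = createHandshakeLimiter({ maxAttempts: 5, windowMs: 1000, blockMs: 5000 });
  const flood = [];
  for (let t = 0; t < 100; t += 10) flood.push(limiter.allow("198.51.100.7", t));
  const normal = [0, 2000, 4000].map((t) => limiter.allow("203.0.113.9", t));
  return { flood, normal, tracked: limiter.sweep(60000) };
}
```

In a server, allow() would be called with the socket's remote address before the upgrade is accepted, and sweep() on a timer; a per-address limit does not stop a flood spread across many clients, such as the P2P case above.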
