securing apps

Gabriel T

my webrtc app is almost finish and now the big question: how to secure it ? sorry i know its not related to wcs but more about javascript design, but you probably asked yourself this question too.
so yes minifying js code is a way to make it harder to recever engineer it, but still not a real security solution.
for example, when it comes to publishing (my app is a multi user video conferencing room), i have my function that start publishing...but in my case, not everybody is allowed to publish, only room admin can controll who can publish or not. but its easy for somebody who found the publishing function to call it in the console. Any workaround on how to secure these kind of actions ?

thanks for your help and ideas


Staff member

Room API works with internal RoomApp by default
So WCS sends REST requests to:

To implement security you have to create your own app in middle.
For example http://host:80/YourApp
Your app should
1. Delegate REST requests to default app http://localhost:9091/RoomApp
2. Reject /publishStream with 403 Forbidden if it is not authenticated.

Please checkout attached screenshot