securing apps

Discussion in 'General Discussion' started by Gabriel T, Dec 6, 2017.

  1. Gabriel T

    Gabriel T Member

    Hello
    my webrtc app is almost finish and now the big question: how to secure it ? sorry i know its not related to wcs but more about javascript design, but you probably asked yourself this question too.
    so yes minifying js code is a way to make it harder to recever engineer it, but still not a real security solution.
    for example, when it comes to publishing (my app is a multi user video conferencing room), i have my function that start publishing...but in my case, not everybody is allowed to publish, only room admin can controll who can publish or not. but its easy for somebody who found the publishing function to call it in the console. Any workaround on how to secure these kind of actions ?

    thanks for your help and ideas
  2. Max

    Max Administrator Staff Member

    Hello

    Room API works with internal RoomApp by default
    So WCS sends REST requests to:
    http://localhost:9091/RoomApp

    To implement security you have to create your own app in middle.
    For example http://host:80/YourApp
    Your app should
    1. Delegate REST requests to default app http://localhost:9091/RoomApp
    2. Reject /publishStream with 403 Forbidden if it is not authenticated.

    Please checkout attached screenshot

    Attached Files:

Share This Page