Comments (5)
What type of encryption are you looking for? Server-Client or Server-Server? What protocol are you most concerned about?
If you are looking to encrypt Client-Server, the first step is always to encrypt the transport layer (https for web/web sockets and TLS for socket clients). There aren't helpers for TLS streaming yet, but I'll put in an issue to add it.
from actionhero.
Assuming you were asking for TLS sockets, that feature is now available on master and will make it into the next release.
I would like to hear more detail on what you are trying to do so I can help.
from actionhero.
Thank you for your quick response,
I would like to encrypt chunks of data transmission.
The server should be protected from fault-data attacks.
I want to make sure that data in transmission will not be modified before reaching its destination,
and the server should ignore any data that does not come from its clients.
from actionhero.
I think you are asking for a few separate things here:
**encryption**
- I'm assuming you mean client-server communication
- https and TLS are fully encrypted protocols, and thanks to that last commit, you can enable these and disable their 'plaintext' variants. This will ensure that your messaging for all protocols (socket, web, websocket) is encrypted.
- this should meet your requirements unless you are asking to send encrypted strings as well. If that's the case, I would need to know more about your application, and more importantly, how you plan to send the encryption keys to the client ahead of time (since they can't be encrypted to begin with).
**fault-data attacks**
- I'm not entirely sure what you mean here, but I'm going to guess that you are referring to parameter overloading.
- actionHero will only accept params you define in your actions (all others will be ignored). Check here ('safe params') for more details: https://github.com/evantahler/actionHero/wiki/Web-Clients
- As with any site, you are responsible for sanitizing and validating users' input before using it. `connection.params` will be available for you in any action to check and modify.
- actionHero is meant to be an API framework, and not just for websites. This means that we will not be doing any CSRF / cross site forgery protection by design. If you are using the secure variants of connection protocols that shouldn't be a problem.
- If you want to implement a session-store (based on unique connection IDs which actionHero assigns) here's an example: https://github.com/evantahler/actionHero/wiki/init-session
**server should ignore data that doesn't come from its clients**
- as a rule, the server needs to be available to listen to any new client that might show up
- using the above methods, you can create authentication systems and enforce that `connection.session` have an authentication bit for 'protected' actions (this is very common).
- If you need help writing a login system, let me know
I hope this helped!
from actionhero.
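The two server-side checks described in the comment above (accepting only the params an action declares, and requiring an authentication bit in the session for protected actions), as an added example that is not part of the original thread and does not use actionHero's API. `actions`, `dispatch`, `sessions` and the credentials are hypothetical, constructed for illustration.

```javascript
// Added illustration, not actionHero code: every name below is hypothetical.
const actions = {
  login: {
    inputs: ['user', 'password'],
    protected: false,
    run(conn) {
      // Constructed credentials; a real check compares a stored password hash.
      const ok = conn.params.user === 'alice' && conn.params.password === 'demo-pass';
      if (ok) conn.session.authenticated = true; // set server-side only
      return ok ? { ok: true } : { ok: false, error: 'bad credentials' };
    },
  },
  transfer: {
    inputs: ['to', 'amount'],
    protected: true,
    run(conn) {
      // Whitelisting is not validation: still check type and range.
      const amount = Number(conn.params.amount);
      if (typeof conn.params.to !== 'string' || !Number.isInteger(amount) || amount <= 0) {
        return { ok: false, error: 'invalid input' };
      }
      return { ok: true, to: conn.params.to, amount, seen: Object.keys(conn.params) };
    },
  },
};

const sessions = new Map(); // connection id -> server-side session object
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function dispatch(connectionId, actionName, rawParams) {
  if (!own(actions, actionName)) return { ok: false, error: 'unknown action' };
  const action = actions[actionName];

  if (!sessions.has(connectionId)) sessions.set(connectionId, {});
  const session = sessions.get(connectionId);
  // Protected actions require the authentication bit set by a prior login.
  if (action.protected && session.authenticated !== true) {
    return { ok: false, error: 'authentication required' };
  }

  // Copy only the declared inputs; everything else the client sent is dropped.
  const params = Object.create(null);
  for (const name of action.inputs) {
    if (own(rawParams || {}, name)) params[name] = rawParams[name];
  }
  return action.run({ id: connectionId, params, session });
}
```

A client-supplied `authenticated` or `isAdmin` field never reaches the action, because only declared inputs are copied and the session lives on the server keyed by connection id.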
Thank you very much.
from actionhero.