incubator-callback-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marlin Mixon <marlin.mi...@gmail.com>
Subject Re: Greetings plus discussion of WebSockets for Android
Date Thu, 01 Mar 2012 06:12:00 GMT
A quick update on WebSocket: It looks like the latest WebSocket spec
(RFC 6455) addresses the security issues.  The current PhoneGap branch
that is a year old contains WebSocket.java that only offers the  the
older insecure Draft 75 and Draft 76 WebSocket protocols. I did some
searching around and found the original source of WebSocket.java.  The
author is Nathan Rajlich and it so happens that his Java-WebSocket
project is being actively developed.  The project is at
http://java-websocket.org/ and the repository is here
git://github.com/TooTallNate/Java-WebSocket   I've reviewed the code
and this newer version has WebSocket protocol options for not only the
original Drafts 75 and 76 but also Hybi 10 and Hybi 17.  Hybi 17 is
identical to the protocol defined by RFC 6455 which was released in
December 2011.  I'm checking with Nate to see if he sees any problems
with using his code (currently licensed under MIT)

So what that means is if we incorporate Java-WebSocket into Cordova
Android it should be pretty straightforward and the security issues
should then be resolved.


On Wed, Feb 29, 2012 at 3:25 PM, Bryce Curtis <curtis.bryce@gmail.com> wrote:
> The issue is discussed http://davidwalsh.name/websocket-security and
> http://blog.kotowicz.net/2011/03/html5-websockets-security-new-tool-for.html
> .
>
> It has been fixed in the latest spec (
> http://tools.ietf.org/html/rfc6455#page-50), so it's a matter of using a
> client/server that is compliant.
>
> On Wed, Feb 29, 2012 at 10:31 AM, Filip Maj <fil@adobe.com> wrote:
>

Mime
View raw message