Dangers of using an insecure channel with the gRPC framework - security

I recently started learning about the gRPC framework. When running a server, one can use a secure or insecure channel, grpc.secure_channel or grpc.insecure_channel (using Python syntax).
What are the dangers of using the insecure channel? Is it discouraged to run a server through server.add_insecure_port("[::]:{port}")?

Related

How to force browsers to use HTTP/2 protocol w/o TLS?

I have a nodejs based web app that uses http2 library of nodejs. I start my app
HTTP/2 server is listening on port 3000. PID: 238718.
and want to check app's homepage: http://localhost:3000/
I have an error in Chrome browser: ERR_INVALID_HTTP_RESPONSE
I know that Chrome uses HTTP/2 over TLS (HTTPS).
Does any possibility exist to use HTTP/2 without HTTPS in browsers?
Does HTTP/2 require encryption?
No. After extensive discussion, the Working Group did not have consensus to require the use of encryption (e.g., TLS) for the new protocol.
However, some implementations have stated that they will only support HTTP/2 when it is used over an encrypted connection, and currently no browser supports HTTP/2 unencrypted.
Source: https://http2.github.io/faq/#does-http2-require-encryption
Note that you can just use a self-signed certificate for local development.

Difference in socket.io client behavior for browser vs server

I am wondering if someone has used the socket.io-client library for communicating between servers instead of communicating between browser and server.
Is this kosher?
Is the behavior of the library pretty much the same when the client library is running on a server vs running in the browser?
Can the socket.io-server library initialize connections with clients, or do socket.io-clients need to initialize connections?
Is this kosher?
Yes, that is exactly what the socket.io-client is designed for. It works great for communicating between two servers.
Is the behavior of the library pretty much the same when the client library is running on a server vs running in the browser?
Yes, the behavior is identical. The only difference under the covers is that the browser implementation is built on top of the browser's webSocket support whereas the server-side client uses the socket.io webSocket implementation.
Can the socket.io-server library initialize connections with clients, or do socket.io-clients need to initialize connections?
Only socket.io servers are "listening" for incoming connections. Somebody has to connect TO the socket.io server. You can't connect TO a socket.io client. A client must connect to a server. So, a socket.io client (which can be either in a browser or on a server) must be the one that creates the connection. Once connected, data can be sent either way on that connection.
Considering you are talking about the JavaScript version of the socket.io-client:
Yes, of course it is legitimate to use it server-side. It is just a "client" library, not only a "client-SIDE" library.
The behavior is the same, yes.
Clients need to initialize connections.
There is a server-side usage example in the Socket.io-client documentation.
Other versions of the socket.io-client are also available in different languages (Swift, Java, C++), which you can find on their GitHub page.

Authentication in Golang WebSocket application

I am trying to implement user authentication in an application that primarily uses WebSockets, but I am unsure how to begin.
I am using the Gorilla mux and websocket packages.
I have thought about using the method described here (files main.go and auth.go), but does this approach secure against authenticated users somehow hijacking each other's sockets, as described in this article?
Can someone suggest a good method or package(s) in Go?
Authenticate as you would for a plain HTTP request before upgrading the connection to the WebSocket protocol. Use whatever methods or packages you would use for plain HTTP requests.
A WebSocket connection can be hijacked to the extent that a plain HTTP connection can be hijacked. The WebSocket protocol does not introduce any new issues here.
Socket.io is a layer above WebSockets, long-polling and other techniques for sending events from the server to a browser client. Issues with Socket.io do not necessarily apply to direct use of a WebSocket.
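The "authenticate before upgrading" approach from the answer above, as an added Go example that is not part of the original thread: a middleware that runs the usual session-cookie check plus an Origin comparison before handing the request to the handler that performs the upgrade. The in-memory session map, the allowed origin https://app.example and the cookie name "session" are constructed assumptions; the upgrade step itself (e.g. Gorilla's Upgrader) is left to the wrapped handler.

```go
package main

import (
	"context"
	"log"
	"net/http"
	"net/url"
	"strings"
)

type userKey struct{} // context key carrying the authenticated user to the upgrade handler
// sameOrigin compares scheme and host of a serialized Origin header with the site's own origin.
func sameOrigin(origin, allowed string) bool {
	o, err1 := url.Parse(origin)
	a, err2 := url.Parse(allowed)
	if err1 != nil || err2 != nil {
		return false
	}
	return strings.EqualFold(o.Scheme, a.Scheme) && strings.EqualFold(o.Host, a.Host)
}

// requireSession wraps the WebSocket endpoint: the same cookie check used for
// ordinary requests runs before next performs the upgrade (e.g. Gorilla's Upgrader);
// sessions stands in for the app's session backend (ID -> user). Browsers always
// send Origin on the handshake, so a mismatch means another site's page is involved.
func requireSession(sessions map[string]string, allowedOrigin string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if origin := r.Header.Get("Origin"); origin != "" && !sameOrigin(origin, allowedOrigin) {
			http.Error(w, "forbidden origin", http.StatusForbidden)
			return
		}
		user, ok := "", false
		if c, err := r.Cookie("session"); err == nil {
			user, ok = sessions[c.Value]
		}
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		// The upgrading handler takes the user from context, never from client-supplied data.
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), userKey{}, user)))
	})
}

func main() {
	sessions := map[string]string{"demo-session-id": "alice"} // constructed sample session
	echoUser := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte(r.Context().Value(userKey{}).(string))) // real code would Upgrade here
	})
	http.Handle("/ws", requireSession(sessions, "https://app.example", echoUser))
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

Per-connection authorization (which rooms or streams a user may join) still has to be enforced by the upgraded handler using the user taken from the context.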

What is the difference between socket.io client and socket.io server? Alternatives to socket.io?

I have been breaking my head on understanding what exactly socket.io is and its role in the whole persistent communication between client and server in general. Some fundamental questions that keep coming up in my mind are:
Are node.js and socket.io server different ways of doing the same thing? Like lighttpd and Apache?
Why should I use socket.io server if I have node.js?
Can I use socket.io client with another server-side programming language like PHP?
Are there alternatives to using socket.io client?
Is socket.io client just another JavaScript library for websocket communication?
Thanks :)
The Socket.IO server accepts connections from Socket.IO clients. This is not any different than any other server (such as a web server like Apache) accepting a connection from a client (such as a web browser like Internet Explorer).
Node.js is a platform built on top of the V8 JavaScript engine, which comes with a convenient library usually used for web and network applications. Socket.IO is a web-socket-like communication wrapper and RPC which enables servers and clients to communicate over a variety of transports (everything from long-polling JSON to real Web Sockets). Generally, the Socket.IO server code runs in your JavaScript application running on top of Node.js, and the Socket.IO client runs in your JavaScript on a web browser. (Note that you can run the Socket.IO client in your Node.js application too, which I have used in the past as a quick RPC between multiple Node.js applications.)
There are Socket.IO clients available for many languages, and yes, I believe there is one for PHP, but I haven't used it personally.
If you want to communicate with a Socket.IO server, you must use a Socket.IO client. It is a protocol all on its own.
Are node.js and socket.io server different ways of doing the same thing?
SocketIO is actually an I/O engine that permits realtime communication between client and server, unlike classic HTTP requests.
Why should I use socket.io server if I have node.js?
Since both are different, we can't compare them.
Can I use socket.io client with another server-side programming language like PHP?
No, because the socketIO server runs in the NodeJS environment.
The client first makes an HTTP request, then socketIO sends a static JS script to the client.
This script establishes the two-way communication.
But you can use the socketIO server with different socketIO client implementations.
Are there alternatives to using socket.io client?
Any socketIO client implementation can do the job since they connect to the server.
But beware of the asynchronous way of communication, like in Java or PHP.
Is socket.io client just another JavaScript library for websocket communication?
Yes it is, but socketIO aims at reliability and ease of use, and also does best effort: it chooses the best transport available for the client.
Hope it helps!
Are node.js and socket.io server different ways of doing the same thing? Like lighttpd and Apache?
Socket.io is a framework/library for node.js.
Why should I use socket.io server if I have node.js?
It's a framework designed for two-way communication; use it if you want.
Can I use socket.io client with another server-side programming language like PHP?
Technically yes. But then you would have to reimplement the socket.io server in that other language to match it.
Are there alternatives to using socket.io client?
Lots; google for websocket/real-time communication in [here put your language].
Is socket.io client just another JavaScript library for websocket communication?
Socket.io client is a JavaScript library compatible with the socket.io server (which is a JavaScript library as well, only on the server side, i.e. Node.js).

Using ejabberd for in-browser chat

Can ejabberd chat server be integrated with scalable and fast server technologies like node.js/tornado/socket.io to implement an in-browser chat?
In that case, ejabberd server might run at the backend while front end can use node.js/socket.io etc. to communicate with client browsers. All the chat messages will need to be routed through the ejabberd server. Does all this make sense and is it scalable enough as compared to directly using ejabberd in the traditional way?
Why not use an existing Candy client (http://candy-chat.github.com/candy/) that runs inside a browser, against a backend ejabberd server?
I do not see the benefit in adding a component in your architecture.
ejabberd and XMPP in general play well with web technologies and JavaScript-based clients.
There are two major technologies you can use:
XMPP over Websocket is the most modern approach. It is natively supported by ejabberd. It means that you can create a browser-based XMPP client to connect to ejabberd.
XMPP over BOSH. This is an emulation of XMPP's connected nature over the request-response nature of the HTTP protocol. It means that you can still build an XMPP chat client for browsers that do not support WebSockets.
JavaScript XMPP libraries usually support both WebSockets and BOSH. You can for example have a look at Strophe to implement your JavaScript web client.
