You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cordova.apache.org by Marlin Mixon <ma...@gmail.com> on 2012/03/01 07:12:00 UTC
Re: Greetings plus discussion of WebSockets for Android
A quick update on WebSocket: It looks like the latest WebSocket spec
(RFC 6455) addresses the security issues. The current PhoneGap branch
that is a year old contains WebSocket.java that only offers the the
older insecure Draft 75 and Draft 76 WebSocket protocols. I did some
searching around and found the original source of WebSocket.java. The
author is Nathan Rajlich and it so happens that his Java-WebSocket
project is being actively developed. The project is at
http://java-websocket.org/ and the repository is here
git://github.com/TooTallNate/Java-WebSocket I've reviewed the code
and this newer version has WebSocket protocol options for not only the
original Drafts 75 and 76 but also Hybi 10 and Hybi 17. Hybi 17 is
identical to the protocol defined by RFC 6455 which was released in
December 2011. I'm checking with Nate to see if he sees any problems
with using his code (currently licensed under MIT)
So what that means is if we incorporate Java-WebSocket into Cordova
Android it should be pretty straightforward and the security issues
should then be resolved.
On Wed, Feb 29, 2012 at 3:25 PM, Bryce Curtis <cu...@gmail.com> wrote:
> The issue is discussed http://davidwalsh.name/websocket-security and
> http://blog.kotowicz.net/2011/03/html5-websockets-security-new-tool-for.html
> .
>
> It has been fixed in the latest spec (
> http://tools.ietf.org/html/rfc6455#page-50), so it's a matter of using a
> client/server that is compliant.
>
> On Wed, Feb 29, 2012 at 10:31 AM, Filip Maj <fi...@adobe.com> wrote:
>
Re: Greetings plus discussion of WebSockets for Android
Posted by Marlin Mixon <ma...@gmail.com>.
Socket.io might be a good solution that has the potential to be
implemented across all platforms. All I know about it right now is
what I've read on the intro page. Give me some time to play with it.
Marlin
On Thu, Mar 1, 2012 at 5:14 AM, Patrick Mueller <pm...@gmail.com> wrote:
> On Thu, Mar 1, 2012 at 01:12, Marlin Mixon <ma...@gmail.com> wrote:
>
>> So what that means is if we incorporate Java-WebSocket into Cordova
>> Android it should be pretty straightforward and the security issues
>> should then be resolved.
>>
>
> What other platforms/versions need WebSocket support? There's a tiny bit
> of info available here:
>
> http://caniuse.com/websockets
>
> Interesting that iOS 4.1 doesn't support WebSocket, as that's the last
> version you can upgrade a 2nd gen iPodTouch to, for instance. It won't be
> able to make use of a Java version of WebSocket, obviously.
>
> I'm wondering about another possibility, instead of using a Java version -
> using a JavaScript version - say from socket.io (client):
>
> https://github.com/LearnBoost/socket.io-client
>
> The idea would be that we have a "portable" version of the API, which ends
> up calling into native socket code to push and pull bytes over the network.
> That way, the work in "porting" to a platform just involves making sure
> there's a native "socket" API for the platform.
>
> --
> Patrick Mueller
> http://muellerware.org
Re: Greetings plus discussion of WebSockets for Android
Posted by Patrick Mueller <pm...@gmail.com>.
On Thu, Mar 1, 2012 at 01:12, Marlin Mixon <ma...@gmail.com> wrote:
> So what that means is if we incorporate Java-WebSocket into Cordova
> Android it should be pretty straightforward and the security issues
> should then be resolved.
>
What other platforms/versions need WebSocket support? There's a tiny bit
of info available here:
http://caniuse.com/websockets
Interesting that iOS 4.1 doesn't support WebSocket, as that's the last
version you can upgrade a 2nd gen iPodTouch to, for instance. It won't be
able to make use of a Java version of WebSocket, obviously.
I'm wondering about another possibility, instead of using a Java version -
using a JavaScript version - say from socket.io (client):
https://github.com/LearnBoost/socket.io-client
The idea would be that we have a "portable" version of the API, which ends
up calling into native socket code to push and pull bytes over the network.
That way, the work in "porting" to a platform just involves making sure
there's a native "socket" API for the platform.
--
Patrick Mueller
http://muellerware.org