2 Replies - 380 Views - Last Post: 07 December 2012 - 06:11 AM

#1 Anthonidas

Create Enterprise WebChat - Security analysis

Posted 05 December 2012 - 03:08 AM

Hey everybody

I did not know where to post my question and hope this place is ok. I would like to discuss with you experts a new project I was asked for.

As you can see in the title, the idea is to create a chat for enterprise websites. For example a finance website: after the site is loaded a chat pop-up (or something like that) opens in a corner asking you if you have questions or if there is something the admin could help you with. On the other side is a person (admin) who interacts directly with you, as soon as you write a question in the chat-window.

Ok, this is more or less the idea... Now my question is: What do you think about this? I am not too new to web-programming, but I have never done something interactive like that. I thought to do it with JS and PHP, but what could be the security issues I imperatively have to check out? Are there any security holes? Do you have any suggestions or points I really should pay attention to while programming this chat?

Any help is much appreciated.

PS. I know there are many projects you can download on the internet. Many are open source, others are charged, but I really want to do it on my own. If this project becomes popular, perhaps we are going to sell it, so it really should be something that is not copied in any manner. (Ok... selling would not be in the near future, but who knows... ;) )


Replies To: Create Enterprise WebChat - Security analysis

#2 BetaWar

Re: Create Enterprise WebChat - Security analysis

Posted 05 December 2012 - 09:20 AM

Well, I am not sure how the current chat applications found on sites are made, but I would suggest using the newer web based technologies and degrading the performance based on the client browser's capabilities.

What I mean here is that you start off by checking if web sockets are allowed; if they are, you create a socket session with the host for the chat. This will likely allow the best response time for chat messages. If the browser doesn't support web sockets, degrade to checking if they have Flash support (then you can use a JavaScript->Flash->socket approach and have almost as good performance). If they don't have Flash, try Ajax, and finally fall back to using a hidden iframe to send and receive chat updates.

If this is truly going to be an Enterprise application, I would assume that there are data security requirements, so I would look at what they require before getting too far. I would expect that sending things through an SSL connection would be helpful, but perhaps it isn't required. Furthermore, there may be a record history requirement, which would mean you would need to store all chat information somewhere (like a database). This may also need to be encrypted.

In general, I would assume that you can find the requirements from either some standard source on what Enterprise applications need to have, or the company asking you for the application will have the requirements. It will be fairly important to get the barebones requirements down before you start designing to ensure that you don't preclude something that is an absolute must down the road.

NOTE - I haven't ever worked on a chat client. This is just how I would approach it.

Hopefully that helps some.
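The degradation order described in the reply above, as an added example that is not part of the original post or any poster's code: it picks the best transport the browser supports, steps down a tier when one fails at runtime, and keeps every tier on a TLS scheme (wss/https), following the reply's SSL suggestion. The function names, the `env` stand-in for `window`, and the `/chat/...` paths are assumptions.

```javascript
// Added example, not code from the thread. `env` stands in for the browser's
// `window`; function names and the /chat/... paths are hypothetical.

function hasFlash(env) {
  const nav = env.navigator || {};
  return Boolean(nav.plugins && nav.plugins["Shockwave Flash"]);
}

// Preference order from the reply: web socket, Flash bridge, Ajax, hidden iframe.
// Every tier uses a TLS scheme so a weaker transport never means a plaintext one.
const TRANSPORTS = [
  { name: "websocket", scheme: "wss", path: "/chat/socket",
    supported: (env) => typeof env.WebSocket === "function" },
  { name: "flash", scheme: "https", path: "/chat/bridge.swf",
    supported: hasFlash },
  { name: "ajax", scheme: "https", path: "/chat/poll",
    supported: (env) => typeof env.XMLHttpRequest === "function" },
  { name: "iframe", scheme: "https", path: "/chat/frame",
    supported: () => true },
];

// Best transport this browser supports.
function chooseTransport(env) {
  return TRANSPORTS.find((t) => t.supported(env)).name;
}

// Next supported tier after one fails at runtime (for example a proxy that
// drops web socket upgrades even though the browser supports them).
function nextTransport(env, failedName) {
  const i = TRANSPORTS.findIndex((t) => t.name === failedName);
  const next = TRANSPORTS.slice(i + 1).find((t) => t.supported(env));
  return next ? next.name : null;
}

// Build the endpoint URL. Assumption: the chat host comes from per-site
// configuration, so accept only a bare hostname[:port].
function chatEndpoint(transportName, host) {
  const t = TRANSPORTS.find((x) => x.name === transportName);
  if (!t) throw new Error("unknown transport: " + transportName);
  if (!/^[a-z0-9.-]+(:\d{1,5})?$/i.test(host)) throw new Error("invalid chat host");
  return t.scheme + "://" + host + t.path;
}
```
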

#3 Anthonidas

Re: Create Enterprise WebChat - Security analysis

Posted 07 December 2012 - 06:11 AM

Hey, thanks for your reply.
In fact, this is more or less what I thought when I heard what was to be done. But you gave me some really helpful input on the techniques to use. I will do some research on web sockets as I have never used them and don't know too much about them (how secure they are, how fast, etc.).

I really don't think we are going to use an SSL connection, as this chat is not going to be used in one single enterprise, but we are going to create this chat for multiple use in different websites. This is the reason why I asked how secure such a thing could be. How can I make my chat as secure as possible but without using an SSL connection? But perhaps using the right technique, as you said before, does the trick. :)