[Interest] Security thoughts on Webchannel
Florian Hertrampf
florian.hertrampf at uni-jena.de
Fri Jun 22 17:18:38 CEST 2018
Thank you Jason,
excuse me, this was a bad question, mea culpa.
First, I thought of using one single channel for multiple users.
Of course, this is not possible if I want to separate information of
user A and B.
The simple solution is to use multiple Webchannels and multiple
registered objects. So, every user uses his own object, problem solved.
In the end, I try to ask a more precise question:
Is there any possibility to register new objects on an existing channel?
I would like to use a first registered object for user
authentification and a second one, that is registered after success of
the first operation.
Zitat von Jason H <jhihn at gmx.com>:
> Your questions aren't really answerable. What are the concerns?
> Define "isolation": thread, process, bus, other?
> Why are you asking Qt? Websockets are not Qt. They are a RFC (6455).
> Are you asking specifically about Qt's implementation? It sounds
> like you are asking a more general question.
>
>
>> Sent: Friday, June 22, 2018 at 4:19 AM
>> From: "Florian Hertrampf" <florian.hertrampf at uni-jena.de>
>> To: interest at qt-project.org
>> Subject: [Interest] Security thoughts on Webchannel
>>
>> Hello everyone,
>>
>> I started using the WebChannel stuff to deploy my applications to a
>> Docker container and provide a web-based, interactive GUI.
>> Now, I think about using this mechanism to authenticate various users
>> for information access via webbrowser.
>> Private information may provided, so I think of the security of the
>> Webchannel.
>>
>> Is there any isolation between client and server object?
>> Is a client-added function simply pushed to the server and executed?
More information about the Interest
mailing list