Hubot Web套接字与Slack的连接是否安全?
[英]Is the Hubot web socket connection to Slack secure?
问题描述
I am setting up hubot with a slack adapter for an enterprise and would like to know if the socket connection between Hubot and Slack is secure. 
我正在为企业设置带有松弛适配器的hubot,想知道Hubot和Slack之间的套接字连接是否安全。 If not, how can it be secured? 如果没有,如何保证?
2 个解决方案
解决方案1
1 2018-09-20 09:03:50
Its hard to say in general whether a product would be regards as "secure" for your enterprise. 通常很难说产品对您的企业是否是“安全的”。 It all depends on the security requirements specific to your business. 这完全取决于您的企业特定的安全要求。 eg a defense contractor might have much higher security requirements than a retailer. 例如,国防承包商的安全要求可能比零售商高得多。
To answer your question I would therefore suggest to research the security specifics of this product and then compare them with the security requirements of your enterprise. 因此,为了回答您的问题,我建议您研究此产品的安全性细节,然后将其与企业的安全性要求进行比较。
Here is an overview about the security architecture to get you started: 以下是有关安全架构的概述,可帮助您入门:
- Hubot uses Slack's RTM API which uses WebSockets as main communication protocol Hubot使用Slack的RTM API ,该API使用WebSockets作为主要通信协议
- To start a connection you need to call either the rtm.start or rtm.connect endpoint, which is secured by HTTPS. 要启动连接,您需要调用由HTTPS保护的rtm.start或rtm.connect端点。 Both endpoints require you to provide authentication via a Oauth 2.0 token. 两个端点都要求您通过Oauth 2.0令牌提供身份验证。
- Those endpoint return a custom URL for your WebSocket session 这些端点为您的WebSocket会话返回一个自定义URL
- All WebSocket communication uses the secure WSS protocol, which applies TLS to secure the connection 所有WebSocket通信都使用安全的WSS协议,该协议使用TLS来保护连接
解决方案2
0 2018-10-02 21:18:49
I have raised a ticket with Slack support team and they confirmed that connection is WSS and uses TLS 1.2 which makes it secure for enterprise. 我向Slack支持团队提出了一张罚单,他们确认连接是WSS并使用TLS 1.2,这使企业安全。 Thanks! 谢谢!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.