Is the Hubot web socket connection to Slack secure?
Question
I am setting up hubot with a slack adapter for an enterprise and would like to know if the socket connection between Hubot and Slack is secure. If not, how can it be secured?
2 answers
solution1
1 2018-09-20 09:03:50
Its hard to say in general whether a product would be regards as "secure" for your enterprise. It all depends on the security requirements specific to your business. eg a defense contractor might have much higher security requirements than a retailer.
To answer your question I would therefore suggest to research the security specifics of this product and then compare them with the security requirements of your enterprise.
Here is an overview about the security architecture to get you started:
- Hubot uses Slack's RTM API which uses WebSockets as main communication protocol
- To start a connection you need to call either the rtm.start or rtm.connect endpoint, which is secured by HTTPS. Both endpoints require you to provide authentication via a Oauth 2.0 token.
- Those endpoint return a custom URL for your WebSocket session
- All WebSocket communication uses the secure WSS protocol, which applies TLS to secure the connection
solution2
0 2018-10-02 21:18:49
I have raised a ticket with Slack support team and they confirmed that connection is WSS and uses TLS 1.2 which makes it secure for enterprise. Thanks!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.