Exploiting insecure WebSocket Communication

Gupta Bless
5 min read · Jan 30, 2021


What is WebSocket?

For communication between a client and a server we usually use HTTP, where the server responds to a request from the client. For applications whose data changes every few seconds, such as weather dashboards or games, that request/response cycle is too slow. WebSocket gives us a faster channel: when data changes on the server side, the server sends the update over the already open connection and the client is updated without a page refresh or any other action from the user.

A WebSocket connection is two-way (full duplex). The client opens it, but once it is open the server can send messages at any time without waiting for a request, and the connection can stay open for a long time with very little per-message overhead.

Note: The initial handshake is an ordinary HTTP request; if the server agrees, both sides switch the same TCP connection to the WebSocket protocol.

Syntax: ws://test.com:80/abc (scheme, host, optional port, path; the port belongs after the host, not after the path)

Note: wss:// is used for an encrypted (TLS) channel, just as https:// is for HTTP.

Need/Advantage:

· Less overhead: two-way communication can be imitated over HTTP (polling or long polling), but every poll carries a full set of HTTP headers and costs the server a new request/response cycle.

· The server can push information or updates to clients; clients do not need to refresh the web page each time.

· It works equally well with text and binary messages.

· Because each message carries only a few bytes of framing, transmission is light and efficiency is better.

· It runs over the standard web ports 80 and 443, so it works wherever ordinary HTTP and HTTPS traffic is allowed.

Disadvantage:

· Because connections are long-lived and, unless the server enforces limits, a client can send an unlimited amount of unverified data, there is a possibility of DoS/DDoS (connection exhaustion or message flooding).

· Possibility of Cross-Site WebSocket Hijacking (CSWSH): the handshake is a plain HTTP GET, so the browser attaches the user's cookies to it automatically, and nothing after the upgrade re-authenticates the connection. If the server does not verify the Origin header (or require an unpredictable token), a page on an attacker's site can open a WebSocket to the application as the logged-in victim and read or send messages. This is the WebSocket form of CSRF.

· Client-to-server frames are masked (XORed with a random per-frame key). Masking was added to the protocol to prevent cache poisoning through intermediaries, but as a side effect many security tools cannot identify patterns in WebSocket traffic the way they inspect HTTP.

· Very few WebSocket implementations validate and sanitize incoming messages, so data received over the socket can lead to the same injection attacks as HTTP input, such as XSS when a message is written into the page.
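The hijacking point in the list above, as an added example that is not part of the original post: a vulnerable handshake handler that trusts the session cookie alone, beside the hardened form that also requires an exact Origin match, run against a simulated browser. The hostnames app.test.com and evil.example, the session store, the cookie jar and the assumption that the session cookie has no SameSite attribute are all constructed for the example.

```javascript
// Added example, not from the original post: cross-site WebSocket hijacking
// (CSWSH). The opening handshake is a plain HTTP GET, so the browser attaches
// the victim's cookies for the target host regardless of which page opened the
// socket (assumed here: a session cookie without the SameSite attribute).
// A server that authenticates the upgrade on the cookie alone lets a page on
// https://evil.example hold a socket as the victim. The hostnames, the session
// store and the cookie jar below are constructed for the example.

const SESSIONS = { 'sid=9f2c1a': 'alice' };                // constructed server-side sessions
const ALLOWED_ORIGINS = new Set(['https://app.test.com']); // our own web origin

// What the browser sends when script on `pageOrigin` runs `new WebSocket(target)`.
// The Origin header is set by the browser and cannot be changed by page script.
function browserUpgradeHeaders(pageOrigin, target, cookieJar) {
  const u = new URL(target);
  return {
    host: u.host,
    upgrade: 'websocket',
    connection: 'Upgrade',
    'sec-websocket-version': '13',
    'sec-websocket-key': 'dGhlIHNhbXBsZSBub25jZQ==',
    origin: pageOrigin,
    cookie: cookieJar[u.hostname] || '', // attached for the target host, whoever opened the socket
  };
}

// Vulnerable handler: anything carrying a valid session cookie is upgraded.
function acceptUpgradeVulnerable(h) {
  if ((h.upgrade || '').toLowerCase() !== 'websocket') return { ok: false, reason: 'not an upgrade' };
  const user = SESSIONS[h.cookie];
  if (!user) return { ok: false, reason: 'no session' };
  return { ok: true, user };
}

// Hardened handler: the same checks, plus the Origin must be exactly one of ours.
// Compare the whole origin (scheme, host, port); a prefix or substring test
// would let https://app.test.com.evil.example through.
function acceptUpgradeHardened(h) {
  if ((h.upgrade || '').toLowerCase() !== 'websocket') return { ok: false, reason: 'not an upgrade' };
  if (!ALLOWED_ORIGINS.has(h.origin)) return { ok: false, reason: `origin ${h.origin} not allowed` };
  const user = SESSIONS[h.cookie];
  if (!user) return { ok: false, reason: 'no session' };
  return { ok: true, user };
}

// Simulate a logged-in victim whose browser is showing a page at `pageOrigin`.
function simulate(pageOrigin, handler, target = 'wss://app.test.com/feed') {
  const victimCookies = { 'app.test.com': 'sid=9f2c1a' }; // constructed: alice is logged in
  return handler(browserUpgradeHeaders(pageOrigin, target, victimCookies));
}
```

The Origin check only stops browser-driven attacks, which is the attack that matters here: a command-line client can send any Origin it likes, but it does not hold the victim's cookie. Two complementary measures are marking the session cookie SameSite so the browser does not attach it to a cross-site handshake, and carrying an unpredictable per-session token in the handshake URL or first message so a foreign page cannot complete the connection without knowing it.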
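The masking point in the list above, as an added example that is not part of the original post: a minimal RFC 6455 frame encoder and decoder in Node.js, used to show that the same message produces different bytes on the wire each time while the server still recovers it, and that a sensor matching on raw bytes misses what a sensor that unmasks first catches. The message and the signature string are constructed for the example; the "Hello" frames used to check the encoder are the vectors printed in RFC 6455 section 5.7.

```javascript
// Added example, not from the original post: RFC 6455 frame masking. Every
// client-to-server frame must be XORed with a fresh 32-bit masking key. The
// rule exists to stop a hostile page from pushing attacker-chosen bytes through
// broken intermediaries (cache poisoning); a side effect is that two frames
// carrying the same message look different on the wire, so a sensor that
// signature-matches raw bytes sees nothing. The message and signature strings
// below are constructed for the example.
const crypto = require('crypto');

// Encode one text frame (FIN=1, opcode 0x1). Handles payloads up to 65535 bytes.
function encodeFrame(text, { mask = true, maskKey = crypto.randomBytes(4) } = {}) {
  const payload = Buffer.from(text, 'utf8');
  if (payload.length > 0xffff) throw new Error('payload too large for this example');
  const header = [0x81]; // FIN=1, RSV=000, opcode=0001 (text)
  const maskBit = mask ? 0x80 : 0x00;
  if (payload.length < 126) header.push(maskBit | payload.length);
  else header.push(maskBit | 126, payload.length >> 8, payload.length & 0xff);
  if (!mask) return Buffer.concat([Buffer.from(header), payload]);
  const masked = Buffer.alloc(payload.length);
  for (let i = 0; i < payload.length; i++) masked[i] = payload[i] ^ maskKey[i % 4];
  return Buffer.concat([Buffer.from(header), Buffer.from(maskKey), masked]);
}

// Decode one frame. A server must close the connection on an unmasked client
// frame (RFC 6455 section 5.1); pass requireMask=true when acting as the server.
function decodeFrame(buf, { requireMask = false } = {}) {
  const fin = (buf[0] & 0x80) !== 0;
  const opcode = buf[0] & 0x0f;
  const masked = (buf[1] & 0x80) !== 0;
  let len = buf[1] & 0x7f;
  let offset = 2;
  if (len === 126) { len = buf.readUInt16BE(2); offset = 4; }
  else if (len === 127) throw new Error('64-bit lengths not handled in this example');
  if (requireMask && !masked) throw new Error('unmasked client frame');
  let key = null;
  if (masked) { key = buf.subarray(offset, offset + 4); offset += 4; }
  if (buf.length < offset + len) throw new Error('truncated frame');
  const payload = Buffer.from(buf.subarray(offset, offset + len)); // copy before unmasking
  if (masked) for (let i = 0; i < len; i++) payload[i] ^= key[i % 4];
  return { fin, opcode, masked, payload: payload.toString('utf8') };
}

// Naive sensor: looks for the signature in the raw bytes on the wire.
function wireMatches(frame, signature) {
  return frame.includes(Buffer.from(signature, 'utf8'));
}

// Correct inspector: unmask first, then look at the payload.
function payloadMatches(frame, signature) {
  return decodeFrame(frame).payload.includes(signature);
}

// Send the same message twice with two keys and compare what each observer sees.
function demo(keyA = crypto.randomBytes(4), keyB = crypto.randomBytes(4)) {
  const msg = '{"cmd":"<script>alert(1)</script>"}';
  const a = encodeFrame(msg, { maskKey: keyA });
  const b = encodeFrame(msg, { maskKey: keyB });
  return {
    sameWireBytes: a.equals(b),
    rawSensorSeesIt: wireMatches(a, '<script>'),
    unmaskingSensorSeesIt: payloadMatches(a, '<script>'),
    serverRecovered: decodeFrame(a, { requireMask: true }).payload === msg,
  };
}
```

Masking is not encryption: the key travels in the frame right in front of the payload, so anyone who parses the frame can read it. The lesson for detection is that inspection has to happen on the unmasked payload, at the application or at a proxy that terminates the WebSocket, not on raw packet bytes.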

Working:
