One of the fundamentals of building a successful application is having a great security model. Unfortunately, it also happens to be one of the most difficult and often overlooked features when building projects. In building PubNub Access Manager, we aimed to create an easy-to-use yet powerful security model for realtime applications, like secure chat.
To test and demonstrate these capabilities, we developed a text-based chat application with a single channel for secure chat. Users of the page can change their right to chat by asking permission from an app server that grants and revokes access. The page and the app server communicate through an unrestricted PubNub channel.
Getting Started with Secure Chat
To start, send a few messages before logging in to see that your access is denied. Then click “Login” and you will be given access for one minute to send messages to the channel. Open up the same page in a new window and you will see that none of your blocked messages make it to the other users, but when you have access they do.
The code to grant and revoke access to a channel is simple. First, you initialize PubNub on one of your app servers using the Secret Key for your account. This allows the server to modify the permissions of other users. The server then uses a command called “grant” to modify those permissions. It can change read and write permissions separately, and it accepts a ttl that expires the permissions after a certain period of time.
This is a big step forward in securing realtime applications on the web. Typically, a security model involves setting up a lot of core infrastructure that protects every access point of your application. With PubNub Access Manager, developers can let PubNub deal with the infrastructure of securing every user and just provide the rules of who can access what. This makes PubNub not only easier to set up as a security model but also much more scalable than setting everything up without help.
PubNub Access Manager
PubNub Access Manager (PAM) was designed to get you up and running quickly without jumping through hoops such as creating large configuration files for roles and users. We’ve created a whitelist authentication system that allows you to lock down certain channels for users that need access to secure data. It does this by validating all messages at the edge of our data stream network, ensuring no insecure data will ever be pushed into a channel that a user does not have access to.
One of the benefits of this is that rules are always dynamic and can be changed by the application developer. Not only can they be changed on the fly, but they can also be assigned at the key level, channel level, or specific client user level.
Once the app server receives the permission request, it gives the user access to the secure chat channel. It identifies users by a user-generated authorization key that is provided to the PubNub libraries. This works much like a unique user ID, but one that can be shared across multiple users.
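The grant, ttl and authorization-key rules described above (separate read and write flags, expiry, and the key, channel and user levels) can be modeled in a few lines. This is an added example, not PubNub's SDK or implementation: `AccessTable`, its methods, the channel and auth-key names, and the assumptions that ttl is in minutes and that any unexpired grant at any level is enough are all hypothetical.

```javascript
// Added illustration: an in-memory model of whitelist grants with a TTL.
// Not the PubNub SDK; AccessTable and its methods are hypothetical names.
class AccessTable {
  constructor(now = () => Date.now()) {
    this.now = now;          // injectable clock so expiry can be exercised
    this.grants = new Map(); // scope -> { read, write, expiresAt }
  }

  // [null,null] = key level, [channel,null] = channel level,
  // [channel,authKey] = one auth key on one channel.
  static scope(channel = null, authKey = null) {
    return JSON.stringify([channel, authKey]);
  }

  // Read and write are set separately; ttlMinutes is assumed to be minutes.
  grant({ channel, authKey, read = false, write = false, ttlMinutes }) {
    if (!(ttlMinutes > 0)) throw new RangeError('ttlMinutes must be positive');
    const expiresAt = this.now() + ttlMinutes * 60000;
    this.grants.set(AccessTable.scope(channel, authKey), { read, write, expiresAt });
  }

  revoke({ channel, authKey } = {}) {
    return this.grants.delete(AccessTable.scope(channel, authKey));
  }

  // Default deny: allowed only if an unexpired grant at some level permits op.
  isAllowed(op, channel, authKey) {
    if (op !== 'read' && op !== 'write') throw new TypeError(`unknown op: ${op}`);
    const S = AccessTable.scope;
    return [S(), S(channel), S(channel, authKey)].some((s) => {
      const g = this.grants.get(s);
      if (!g) return false;
      if (g.expiresAt <= this.now()) { this.grants.delete(s); return false; }
      return g[op] === true;
    });
  }
}

// Constructed walk-through of the demo: denied, "Login", allowed, expired.
function demo() {
  let t = 0;
  const acl = new AccessTable(() => t);
  const ask = (key) => acl.isAllowed('write', 'secure-chat', key);
  const before = ask('auth-alice');
  acl.grant({ channel: 'secure-chat', authKey: 'auth-alice', read: true, write: true, ttlMinutes: 1 });
  const during = ask('auth-alice');
  const other = ask('auth-bob'); // a different auth key stays locked out
  t += 61000;                    // 61 seconds later the grant has lapsed
  return { before, during, other, after: ask('auth-alice') };
}
```

Because the model checks the authorization key and not a person, every client that presents the same key receives the same access, which is the sharing behaviour the paragraph above describes.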
With PubNub Access Manager it’s just that easy to begin building truly secure realtime applications. Check out the resources below to learn more or head to the Developer’s Portal today to enable this new feature.