N
Novu•2y ago
sgrzelak

Security support

Hi guys, Can you tell how you support the security for subscriberId? The websocket is identified by subscriberId, which is visible in web page source code. So do you somehow randomly generate subscriberId using some algorithm to prevent from guessing the subscriberId of another users? How this is done from the security point of view? Thanks for the answer
4 Replies
sgrzelak
sgrzelakOP•2y ago
I mean, how to prevent that some user will not guess the subscriberId of another one and read his notifications?
Rifki Salim
Rifki Salim•2y ago
Does HMAC encryption (https://docs.novu.co/notification-center/iframe-embed/#enabling-hmac-encryption) satisfy your concerns @sgrzelak ?
iFrame Embed | Novu
If you are using a (currently) unsupported client framework, you can use our embedded script. This will generate the notification center inside an iframe.
sgrzelak
sgrzelakOP•2y ago
@rifkisalim.dev thats great, thanks 🙂
Rifki Salim
Rifki Salim•2y ago
No worries, happy to help 🙂

Did you find this page helpful?