Problem Statement
Depending on the security posture of your app, you could be broadcasting sensitive or semi-sensitive information via websockets. This may not be an issue with conventional Redis/NOTIFY setups since the messages are more ephemeral, but it becomes noticeable with Solid Cable since messages are stored in the database for up to a day by default.
Proposed Solution
Add opt-in encryption of payload (and maybe channel) for the solid_cable_messages table.
There's good precedent for this in Solid Cache (1, 2, 3) and it looks like that logic could be copied over fairly verbatim.
I'd be willing to take a swing at a PR next week if there's interest!
Problem Statement
Depending on the security posture of your app, you could be broadcasting sensitive or semi-sensitive information via websockets. This may not be an issue with conventional Redis/NOTIFY setups since the messages are more ephemeral, but it becomes noticeable with Solid Cable since messages are stored in the database for up to a day by default.
Proposed Solution
Add opt-in encryption of
payload(and maybechannel) for thesolid_cable_messagestable.There's good precedent for this in Solid Cache (1, 2, 3) and it looks like that logic could be copied over fairly verbatim.
I'd be willing to take a swing at a PR next week if there's interest!