This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Published: Nov 10, 2015
Last Updated: Apr 05, 2016
Apr 2016

We have a number of reservations about the use of HTML5 WebSockets. By allowing the server to initiate actions on the browser, WebSockets departs from the connectionless, request/response model that underpins the World Wide Web today. Security is another big risk with WebSockets. For example, the standard does not impose any cross-origin request policy. However, we do recognize that in certain monitoring or alerting applications, WebSockets can be very useful. If you need to build a .NET WebSockets server, SignalR conveniently implements much of the additional code you need for a robust production application. This includes some recommended security practices such as validating connection tokens and activating SSL when encryption is needed. Although Thoughtworks teams have been very happy with SignalR, there are still fundamental issues with WebSockets that you should consider before diving in.
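The cross-origin point above, shown as an added example (this is not Thoughtworks or SignalR code): because the browser sends an `Origin` header on the WebSocket handshake but enforces nothing, the server has to compare it against an exact allowlist before completing the upgrade. The allowlist, host names and the `/alerts` path are constructed for illustration; the key is the sample nonce from RFC 6455.

```python
import base64
import hashlib
from urllib.parse import urlsplit

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed value from RFC 6455
ALLOWED_ORIGINS = {"https://app.example.test"}    # constructed allowlist

def parse_headers(raw):
    """Header block of an HTTP request -> dict with lowercase names."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if not line:                        # blank line ends the headers
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def normalize_origin(origin):
    """Return scheme://host[:port] lowercased, or None if malformed."""
    try:
        parts = urlsplit(origin)
        port = parts.port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.username is not None or parts.path or parts.query or parts.fragment:
        return None                         # an Origin carries no userinfo or path
    host = parts.hostname.lower()
    return f"{parts.scheme}://{host}" + (f":{port}" if port else "")

def check_handshake(raw):
    """Return (status, Sec-WebSocket-Accept or None) for an upgrade request."""
    h = parse_headers(raw)
    if h.get("upgrade", "").lower() != "websocket" or "sec-websocket-key" not in h:
        return 400, None
    # The browser sends Origin but does not enforce anything; the server must.
    if normalize_origin(h.get("origin", "")) not in ALLOWED_ORIGINS:
        return 403, None                    # exact match only, no substring tests
    digest = hashlib.sha1((h["sec-websocket-key"] + WS_GUID).encode()).digest()
    return 101, base64.b64encode(digest).decode()

def sample_request(origin):
    """Constructed upgrade request; the key is the example nonce from RFC 6455."""
    return ("GET /alerts HTTP/1.1\r\nHost: app.example.test\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            f"Origin: {origin}\r\n"
            "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
            "Sec-WebSocket-Version: 13\r\n\r\n")
```

Non-browser clients can set any `Origin` they like, so this check complements the connection-token validation mentioned above and does not replace it.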

Nov 2015