0

I am working on an Angular application which revolves around MQTT for communication. The idea is that the web app is kind of a live dashboard of all clients connected and sending data; the clients will be Android apps primarily.

For the Angular app I am using 'ngx-mqtt' (https://www.npmjs.com/package/ngx-mqtt), and I have set up a Debian server, configured ufw rules for mosquitto, and set the mosquitto config to this:

listener 9001 0.0.0.0
protocol websockets

I am developing this in my free time, but I would like to make this as secure as possible, so I wonder if there is room for improvement.

1 Answer

1

You can authenticate your mosquitto broker by providing a username and password. Here is the link for authenticating the pub/sub flow: https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-the-mosquitto-mqtt-messaging-broker-on-ubuntu-16-04

You can jump directly to step 5 for adding a password.

  • If the password is set in the Angular application, then the credentials will be exposed in the browser. How to hide those credentials? – Krunal Sonparate Jan 24 '21 at 16:29
  • @KrunalSonparate in a nutshell, there is no proper way to completely hide a secret like a password in the frontend application. The best way is to make that sensitive part of the code from the backend. If you are dealing with tokens for API you can proxy the API requests. – Anant Lalchandani Jan 31 '21 at 14:16
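
The setup discussed in the answer and comments, as an added example that is not part of the original posts: the listener from the question with password authentication enabled, plus an ACL that limits what the browser-visible account can do. The file paths, the `dashboard` user name, the `clients/` topic prefix and the certificate locations are assumptions; TLS on the listener is an addition beyond the password step the answer points to.

```conf
# ---- File 1: /etc/mosquitto/conf.d/dashboard.conf (path is an assumption) ----
# mosquitto only treats a line as a comment when '#' is its first character,
# so comments are kept on their own lines.

# Weak: the listener from the question, with no authentication configured.
#   listener 9001 0.0.0.0
#   protocol websockets

# Hardened: reject connections that do not present a username and password.
allow_anonymous false

# Password file created with (user name is an assumption):
#   mosquitto_passwd -c /etc/mosquitto/passwd dashboard
password_file /etc/mosquitto/passwd

# Per-user topic permissions, see File 2.
acl_file /etc/mosquitto/acl

listener 9001 0.0.0.0
protocol websockets

# TLS on the websockets listener, so the MQTT password is not sent in clear
# text over ws://. Certificate paths are placeholders.
certfile /etc/mosquitto/certs/fullchain.pem
keyfile /etc/mosquitto/certs/privkey.pem

# ---- File 2: /etc/mosquitto/acl (separate file, do not merge into File 1) ----
# The dashboard password ships inside the Angular bundle and is readable by
# anyone who loads the page, so this account is restricted to subscribing.
user dashboard
topic read clients/#

# Pattern rules apply to every authenticated user; %u is replaced by the
# connecting username. Each Android client gets its own account and may only
# publish below its own name, e.g. clients/phone-01/telemetry.
pattern write clients/%u/#
```

With this in place the browser connects over wss:// and a leaked dashboard password only allows reading the topics the dashboard already displays.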