On Thu, Apr 17, 2014 at 9:35 PM, Florian Schrofner <florian.schrofner@outlook.com> wrote:
> I thought about that too.. but I didn't really see the difference, since
> everybody who knows the link to the broker can also invoke a push without
> authentication, can't he?

Right, there is no difference, except that you don't have to patch UPS, that you can later secure this REST endpoint and that you delegate a generic behaviour (sending push messages) to a single place.

> Also setting up another server just for forwarding request seems a bit
> overpowered to me (and a lot more work)..

I understand, but put in balance the work to create a simple broker and maintain a patched UPS.

> As long as I don't unintentionally open a huge security hole by patching the
> server it shouldn't make that much difference, should it?

Well, if someone knows your MasterID he can potentially send millions of notifications to all the devices :)

> Maybe we'll build the first prototypes using the patched aerogear server and
> switch to the broker later on.
> Nodejs would be the best option for the broker, I guess?

Yeah, NodeJS could be a good option; look at this single NodeJS server page that does almost all of what you want: https://github.com/sebastienblanc/hackergarten-messenger/blob/master/server/index.js

Thx again for your interest!

View this message in context: http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Allow-Push-Without-Master-Secret-tp7474p7493.html
Sent from the aerogear-dev mailing list archive at Nabble.com.
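
The broker approach discussed in this thread, sketched as an added example (not code from the thread or from the linked repository): the master secret stays on the broker, only a bounded text alert from the client is forwarded, and each client is rate limited. The `/notify` route, environment variable names, limits, UPS host and sender path, and the JSON payload shape are all assumptions to adapt to the actual UPS deployment.

```javascript
const http = require('http');
const https = require('https');

const UPS = { // hypothetical deployment values; the secret never leaves the broker
  host: process.env.UPS_HOST || 'ups.example.org',
  path: '/ag-push/rest/sender', // assumed sender endpoint of the UPS instance
  appId: process.env.UPS_APP_ID || 'app-id-placeholder',
  masterSecret: process.env.UPS_MASTER_SECRET || 'secret-placeholder',
};
const LIMIT = 5, WINDOW_MS = 60000; // assumed policy: 5 pushes per client per minute
const hits = new Map();

// Sliding-window rate limit keyed by client address.
function allow(client, now) {
  const recent = (hits.get(client) || []).filter(t => now - t < WINDOW_MS);
  const ok = recent.length < LIMIT;
  if (ok) recent.push(now);
  hits.set(client, recent);
  return ok;
}

// Build the upstream request from untrusted client JSON. Only the alert text is
// forwarded; targeting fields sent by the client (aliases, variants) are dropped.
function buildUpstream(body, cfg) {
  let input;
  try { input = JSON.parse(body); } catch (e) { return null; }
  if (!input || typeof input.alert !== 'string') return null;
  const alert = input.alert.trim();
  if (alert.length === 0 || alert.length > 200) return null;
  const auth = Buffer.from(cfg.appId + ':' + cfg.masterSecret).toString('base64');
  return {
    options: { host: cfg.host, path: cfg.path, method: 'POST',
      headers: { 'Content-Type': 'application/json', Authorization: 'Basic ' + auth } },
    payload: JSON.stringify({ message: { alert } }), // assumed payload shape
  };
}

// Start with: createBroker(UPS).listen(8080)
function createBroker(cfg) {
  return http.createServer((req, res) => {
    const reply = code => { res.writeHead(code); res.end(); };
    if (req.method !== 'POST' || req.url !== '/notify') return reply(404);
    if (!allow(req.socket.remoteAddress, Date.now())) return reply(429);
    let body = '';
    req.on('data', c => { body += c; if (body.length > 4096) req.destroy(); });
    req.on('end', () => {
      const up = buildUpstream(body, cfg);
      if (!up) return reply(400);
      const out = https.request(up.options, r => { r.resume(); reply(r.statusCode < 300 ? 202 : 502); });
      out.on('error', () => reply(502));
      out.end(up.payload);
    });
  });
}
```

Because the REST endpoint lives in the broker, authentication for `/notify` can be added later in `createBroker` without touching UPS.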