0

We are going to implement Genesys chat widget in our organization in an existing web application based on J2EE. According to the architecture diagram, first the widget will make a request to the backend to JSON data with client information, once the chat widget create a connection with Genesys server, all the communication will happen from this widget to Genesys server directly.

We are concerned about the security with this approach as the communication is directly between browser and Third party server (over HTTPS).

Any idea how to make it secure and prevent from false identity attack?

Jose Loor
  • 205
  • 5
  • 18
  • Wasnt HTTPS developed to solve this problem? – Code Spirit Jan 24 '19 at 15:22
  • We are concerned about false identity. Since the chat data doesnot pass through our backend, we can not verify the user who is chatting is actually the user he is claiming. – Jose Loor Jan 24 '19 at 15:48

1 Answers1

0

If you want security, you need to authenticate the users before enabling chat. This way, you control all the User Data that is passed on to the Genesys Widget.

Else, there's no stopping them from entering false names, mobile, and emails which will be used to link to contact history in UCS.

Merioles
  • 268
  • 2
  • 12