Application Settings

LAST EDIT Nov 04 2024

Application Settings

Copied!

Using the wrong Permission and Channel settings in an application can lead to unexpected behavior, security holes, scaling problems, performance issues, and crashes. It is essential to review these settings before deploying an application in a production environment. This section will help you make sure these application settings are configured optimally.

Permission settings

Copied!

In the Stream dashboard, under the settings for your application, be sure to make sure Permission Checks are not disabled. The Stream API is built with a complex yet flexible permission system that checks if a user has permission to perform all actions based on their user role (e.g. channel member vs. moderator). Disabling this permission layer opens your application to vulnerabilities, such as a user modifying another user's messages. While disabling the permissions can be helpful in development envirmonents when debugging an application, permissions should never be disabled on a production application.

Sceenshot showing permission checks disabled. This is NOT recommended in production environments

Channel Settings

Copied!

Within each channel type, some settings are available that apply to all channels of that type. Among these settings are the ability to enable/disable each event type. When disabled, events of that type (for channels of this type) will not be passed through to a client's open WebSocket connection. It's also important to note that increasing the events enabled on a channel type also increases the load on clients in those channels.

Screenshot showing Typing, Read, And Connect events off