codyopel / collide

Automatically exported from code.google.com/p/collide
Apache License 2.0

Enable password protection #13

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Running collide on an intranet would be fine, but in order to use it in
production, it has to be secure.

Workaround: Proxy all requests through another server with auth, and use a 
filter to deny all requests that don't come from your proxy.

Looking in bootstrap.js I saw:

  // This defines which messages from the client we will let through, as well as what
  // messages we want to let through to the client from the server.

  // TODO: Fill this in. Currently allowing EVERYTHING "{}" through.
  // TODO: We should auto-generate this.
  in_permitted: [
    {}
  ],
  out_permitted: [
    {}
  ]

var participantListConfig = {
  // TODO: Pick this up off the command line when launching collide.
  // password="s3cret"
}

This looks like it will do what I need, but I don't know how to use it yet!

Original issue reported on code.google.com by Ja...@wetheinter.net on 5 Jul 2012 at 6:38
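
An added example (not part of the original issue and not code from the collide project) modelling why the `{}` entry in the `in_permitted` / `out_permitted` lists quoted above lets every message through, and how a constrained list behaves under default deny. The `address` and `match` keys, the helper names and the sample addresses are assumptions for illustration; the issue itself only shows the `{}` entry.

```javascript
// Simplified model of an allowlist check (assumed semantics): an entry permits
// a message when every constraint it specifies matches, so {} permits everything.
function entryPermits(entry, msg) {
  if (entry.address !== undefined && entry.address !== msg.address) {
    return false;
  }
  if (entry.match !== undefined) {
    const body = msg.body;
    if (body === null || typeof body !== 'object') return false;
    for (const key of Object.keys(entry.match)) {
      if (!Object.prototype.hasOwnProperty.call(body, key)) return false;
      if (body[key] !== entry.match[key]) return false;
    }
  }
  return true;
}

// Default deny: an empty list permits nothing.
function isPermitted(permitted, msg) {
  return permitted.some((entry) => entryPermits(entry, msg));
}

// Audit helper: indexes of entries that carry no constraint at all.
function findWildcards(permitted) {
  return permitted
    .map((e, i) => (e.address === undefined && e.match === undefined ? i : -1))
    .filter((i) => i !== -1);
}

// Constructed sample data; the addresses are hypothetical, not collide's own.
const openConfig = [{}];
const tightConfig = [
  { address: 'documents.read' },
  { address: 'documents.write', match: { action: 'edit' } },
];
const messages = [
  { address: 'documents.read', body: { path: '/README' } },
  { address: 'documents.write', body: { action: 'edit', path: '/a.txt' } },
  { address: 'documents.write', body: { action: 'delete', path: '/a.txt' } },
  { address: 'admin.shutdown', body: {} },
];

function decisions(permitted) {
  return messages.map((m) => isPermitted(permitted, m));
}

console.log('open :', decisions(openConfig), 'wildcards:', findWildcards(openConfig));
console.log('tight:', decisions(tightConfig), 'wildcards:', findWildcards(tightConfig));
```
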

GoogleCodeExporter commented 9 years ago

Original comment by dragonsinth on 5 Jul 2012 at 6:57

GoogleCodeExporter commented 9 years ago
It doesn't work yet. I'll pick this up and make it go later today.

Original comment by jaime...@gmail.com on 5 Jul 2012 at 2:49

GoogleCodeExporter commented 9 years ago
By the way, what we should do is:

- If a password is set, bind to 0.0.0.0 to enable remote clients.

- If no password is set, bind to localhost / 127.0.0.1 to only allow local
loopback.

Original comment by dragonsinth on 5 Jul 2012 at 5:06

GoogleCodeExporter commented 9 years ago

Original comment by jaime...@gmail.com on 6 Jul 2012 at 4:19