Add some form of authentication

ethersheet-collective / EtherSheet

Online spreadsheet collaboration in real time using node.js. Similar to etherpad-lite but its a spreadsheet!

https://ethersheet.org

BSD 2-Clause "Simplified" License

198 stars 24 forks source link

Add some form of authentication #27

Closed nobane closed 9 years ago

nobane commented 9 years ago

Etherpad-Lite has functionality that can require pads to be connected to with a cookie. That cookie is typically retreived by a third-party app via the API and assigned via the same third-party app. ANY form of authentication/security would be great to see.

Etherpad-Lite has a users/groups model that I think works quite well.

JohnMcLear commented 9 years ago

Firstly, to get it off my chest... Etherpad Lite is now called Etherpad. ;) @cooperq you might want to change the description

Our session / auth implementation is not great. You can't restrict editing of specific parts of a document etc. The implementation itself is a bit weird too..

You are welcome to implement a similar system but be mindful of the caveats :)

cooperq commented 9 years ago

So our thought on this was that if there was an authentication layer it should be seperate from ethersheet. I don't want to encumber ethersheet with a bunch of auth crap. My security model for this is that the URLs are impossible to guess. I think I would rather add the ability to change a sheet's URL and some form of client side encryption for spreadsheets than an auth system.