PusherJS warning - Githubissues

pusher / atom-pair

An Atom package that allows for epic pair programming

MIT License

1.45k stars 28 forks source link

PusherJS warning #44

Closed AsaAyers closed 9 years ago

AsaAyers commented 9 years ago

I get the following warning in the console. Since I've never used PusherJS I'm not really sure if this is a real problem or not. I'd think of this as a "production application" as you're distributing it to users.

You are using PusherJS client authentication. Never ever use this for a production application, as it would expose your secret keys.

jpatel531 commented 9 years ago

No need to worry about this. This plugin uses a library that authenticates presence channels, so that there's no need for a server. What is meant by "production applications" is web (or mobile) apps, which could expose secret keys. Because your atom editor is a private environment, there is no such vulnerability

jpatel531 commented 9 years ago

The warning is just so that people don't use the library in deployed applications to skip channel authentication