supersdar / collide

Automatically exported from code.google.com/p/collide
Apache License 2.0
0 stars 0 forks source link

Enable password protection #13

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Running collide on an intranet would be fine, but in order to use in 
production, it has to be secure.  

Workaround: Proxy all requests through another server with auth, and use a 
filter to deny all requests that don't come from your proxy.

Looking in bootstrap.js I saw:

  // This defines which messages from the client we will let through, as well as what
  // messages we want to let through to the client from the server.

  // TODO: Fill this in. Currently allowing EVERYTHING "{}" through.
  // TODO: We should auto-generate this.
  in_permitted: [
    {}
  ],
  out_permitted: [
    {}
  ]

var participantListConfig = {
  // TODO: Pick this up off the command line when launching collide.
  // password="s3cret"
}

This looks like it will do what I need, but I don't know how to use it yet!

Original issue reported on code.google.com by Ja...@wetheinter.net on 5 Jul 2012 at 6:38

GoogleCodeExporter commented 8 years ago

Original comment by dragonsinth on 5 Jul 2012 at 6:57

GoogleCodeExporter commented 8 years ago
It doesn't work yet. I'll pick this up and make it go later today.

Original comment by jaime...@gmail.com on 5 Jul 2012 at 2:49

GoogleCodeExporter commented 8 years ago
By the way, what we should do is:

- If a password is set, bind to 0.0.0.0 to enable remote clients.

- If no password is set, bind to localhost / 127.0.0.1 to only allow local 
loopback

Original comment by dragonsinth on 5 Jul 2012 at 5:06

GoogleCodeExporter commented 8 years ago

Original comment by jaime...@gmail.com on 6 Jul 2012 at 4:19