{"nick":"cjm","reason":"Remote host closed the connection","date":"2012-11-25T01:20:44.341Z","type":"quit"}
{"nick":"cjm","date":"2012-11-25T01:21:17.911Z","type":"join"}
{"nick":"cjm","reason":"Ping timeout: 246 seconds","date":"2012-11-25T01:25:28.778Z","type":"quit"}
{"nick":"sberryman","date":"2012-11-25T01:32:45.204Z","type":"join"}
{"nick":"lluad","date":"2012-11-25T01:40:06.269Z","type":"join"}
{"nick":"sberryman","reason":"Remote host closed the connection","date":"2012-11-25T02:43:34.852Z","type":"quit"}
{"nick":"wolfes","date":"2012-11-25T03:07:37.218Z","type":"join"}
{"nick":"lluad","reason":"Quit: lluad","date":"2012-11-25T03:46:49.223Z","type":"quit"}
{"nick":"ArxPoetica","reason":"Quit: Leaving.","date":"2012-11-25T04:09:59.608Z","type":"quit"}
{"nick":"zenocon","date":"2012-11-25T04:17:42.805Z","type":"join"}
{"nick":"hipertracker","date":"2012-11-25T04:21:16.324Z","type":"join"}
{"nick":"Guest2418","reason":"Ping timeout: 260 seconds","date":"2012-11-25T04:23:44.642Z","type":"quit"}
{"nick":"zenocon","reason":"Remote host closed the connection","date":"2012-11-25T05:00:47.243Z","type":"quit"}
{"nick":"zenocon","date":"2012-11-25T05:01:21.663Z","type":"join"}
{"nick":"zenocon","reason":"Ping timeout: 240 seconds","date":"2012-11-25T05:05:34.627Z","type":"quit"}
{"nick":"sberryman","date":"2012-11-25T06:01:30.619Z","type":"join"}
{"nick":"jsurfage_","date":"2012-11-25T06:02:33.871Z","type":"join"}
{"nick":"avital_","date":"2012-11-25T06:06:01.697Z","type":"join"}
{"nick":"mdedetri_","date":"2012-11-25T06:06:26.048Z","type":"join"}
{"nick":"owenb","reason":"*.net *.split","date":"2012-11-25T06:10:26.354Z","type":"quit"}
{"nick":"dennismartensson","reason":"*.net *.split","date":"2012-11-25T06:10:26.484Z","type":"quit"}
{"nick":"gschmidt","reason":"*.net *.split","date":"2012-11-25T06:10:28.022Z","type":"quit"}
{"nick":"oal","reason":"*.net *.split","date":"2012-11-25T06:10:28.024Z","type":"quit"}
{"nick":"Isaiah","reason":"*.net *.split","date":"2012-11-25T06:10:28.024Z","type":"quit"}
{"nick":"jakl","reason":"*.net *.split","date":"2012-11-25T06:10:28.035Z","type":"quit"}
{"nick":"majek","reason":"*.net *.split","date":"2012-11-25T06:10:29.362Z","type":"quit"}
{"nick":"avital","reason":"*.net *.split","date":"2012-11-25T06:10:29.558Z","type":"quit"}
{"nick":"mdedetrich","reason":"*.net *.split","date":"2012-11-25T06:10:29.559Z","type":"quit"}
{"nick":"jsurfage","reason":"*.net *.split","date":"2012-11-25T06:10:29.748Z","type":"quit"}
{"nick":"avital_","new_nick":"avital","date":"2012-11-25T06:10:31.600Z","type":"nick"}
{"nick":"mdedetri_","new_nick":"mdedetrich","date":"2012-11-25T06:10:31.733Z","type":"nick"}
{"nick":"jakl","date":"2012-11-25T06:19:30.979Z","type":"join"}
{"nick":"oal","date":"2012-11-25T06:19:50.773Z","type":"join"}
{"nick":"Isaiah","date":"2012-11-25T06:19:50.899Z","type":"join"}
{"nick":"gschmidt","date":"2012-11-25T06:21:39.303Z","type":"join"}
{"nick":"owenb","date":"2012-11-25T06:21:57.738Z","type":"join"}
{"nick":"dennismartensson","date":"2012-11-25T06:21:57.738Z","type":"join"}
{"nick":"majek","date":"2012-11-25T06:24:48.075Z","type":"join"}
{"nick":"majek","reason":"Changing host","date":"2012-11-25T06:38:51.840Z","type":"quit"}
{"nick":"majek","date":"2012-11-25T06:38:51.840Z","type":"join"}
{"nick":"evangeni_","date":"2012-11-25T07:01:20.110Z","type":"join"}
{"nick":"evangenieur","reason":"Ping timeout: 244 seconds","date":"2012-11-25T07:03:47.099Z","type":"quit"}
{"nick":"wolfes","reason":"Quit: Leaving.","date":"2012-11-25T08:13:32.278Z","type":"quit"}
{"nick":"john3909","reason":"Quit: Leaving.","date":"2012-11-25T09:39:14.473Z","type":"quit"}
{"nick":"cjm","date":"2012-11-25T09:42:01.382Z","type":"join"}
{"nick":"ins0mnia","date":"2012-11-25T10:24:41.450Z","type":"join"}
{"nick":"ins0mnia","reason":"Ping timeout: 252 seconds","date":"2012-11-25T10:39:41.455Z","type":"quit"}
{"nick":"ins0mnia","date":"2012-11-25T11:41:38.276Z","type":"join"}
{"nick":"ins0mnia","reason":"Ping timeout: 265 seconds","date":"2012-11-25T12:28:25.069Z","type":"quit"}
{"nick":"ins0mnia","date":"2012-11-25T12:57:48.492Z","type":"join"}
{"nick":"mdedetrich","reason":"Quit: Computer has gone to sleep.","date":"2012-11-25T13:03:10.383Z","type":"quit"}
{"nick":"ins0mnia","reason":"Ping timeout: 252 seconds","date":"2012-11-25T13:05:22.492Z","type":"quit"}
{"nick":"paulbjensen","date":"2012-11-25T13:22:58.802Z","type":"join"}
{"nick":"mdedetrich","date":"2012-11-25T13:57:53.329Z","type":"join"}
{"nick":"ins0mnia","date":"2012-11-25T14:06:41.927Z","type":"join"}
{"nick":"mdedetrich","reason":"Quit: Computer has gone to sleep.","date":"2012-11-25T14:16:35.323Z","type":"quit"}
{"nick":"hipertracker","reason":"Quit: hipertracker","date":"2012-11-25T15:00:20.549Z","type":"quit"}
{"nick":"hipertracker","date":"2012-11-25T15:01:04.790Z","type":"join"}
{"nick":"ins0mnia","reason":"Ping timeout: 265 seconds","date":"2012-11-25T16:26:12.777Z","type":"quit"}
{"nick":"ins0mnia","date":"2012-11-25T16:38:44.775Z","type":"join"}
{"nick":"ins0mnia","reason":"Ping timeout: 265 seconds","date":"2012-11-25T16:43:36.759Z","type":"quit"}
{"nick":"ArxPoetica","date":"2012-11-25T17:04:10.617Z","type":"join"}
{"nick":"ins0mnia","date":"2012-11-25T17:12:07.481Z","type":"join"}
{"nick":"ins0mnia","reason":"Ping timeout: 252 seconds","date":"2012-11-25T17:35:29.472Z","type":"quit"}
{"nick":"ins0mnia","date":"2012-11-25T17:40:12.489Z","type":"join"}
{"nick":"lluad","date":"2012-11-25T18:13:46.556Z","type":"join"}
{"nick":"danfo","date":"2012-11-25T19:01:16.652Z","type":"join"}
{"nick":"ins0mnia","reason":"Ping timeout: 252 seconds","date":"2012-11-25T19:12:02.487Z","type":"quit"}
{"nick":"joshsmith","date":"2012-11-25T19:20:46.715Z","type":"join"}
{"nick":"danfo","reason":"Quit: danfo","date":"2012-11-25T19:58:37.419Z","type":"quit"}
{"nick":"danfo","date":"2012-11-25T20:00:37.172Z","type":"join"}
{"nick":"joshsmith","reason":"Quit: joshsmith","date":"2012-11-25T20:41:05.274Z","type":"quit"}
{"nick":"ins0mnia","date":"2012-11-25T20:41:30.425Z","type":"join"}
{"nick":"joshsmith","date":"2012-11-25T20:41:51.788Z","type":"join"}
{"nick":"ins0mnia","reason":"Ping timeout: 264 seconds","date":"2012-11-25T21:54:48.416Z","type":"quit"}
{"nick":"mdedetrich","date":"2012-11-25T22:04:51.372Z","type":"join"}
{"nick":"danfo","date":"2012-11-25T22:44:17.522Z","type":"part"}
{"nick":"mdedetrich","message":"hi everybody","date":"2012-11-25T23:27:22.239Z","type":"message"}
{"nick":"mdedetrich","message":"ArxPoetica: hello","date":"2012-11-25T23:27:25.098Z","type":"message"}
{"nick":"paulbjensen","message":"hi","date":"2012-11-25T23:28:34.043Z","type":"message"}
{"nick":"mdedetrich","message":"paulbjensen: oh hey, speak of the devil!","date":"2012-11-25T23:28:53.471Z","type":"message"}
{"nick":"mdedetrich","message":"paulbjensen: how hard do you think it would be to implement authentication into ss-engine.io","date":"2012-11-25T23:29:09.472Z","type":"message"}
{"nick":"mdedetrich","message":"or something to prevent csrf","date":"2012-11-25T23:29:24.126Z","type":"message"}
{"nick":"paulbjensen","message":"At this point, I don't know, only way to find out is to give it a shot","date":"2012-11-25T23:29:55.135Z","type":"message"}
{"nick":"mdedetrich","message":"mainly because we need to have csrf for our site to be in production (for obvious reasons)","date":"2012-11-25T23:30:17.449Z","type":"message"}
{"nick":"paulbjensen","message":"I briefly read the link about authorising with socket.io","date":"2012-11-25T23:30:18.001Z","type":"message"}
{"nick":"mdedetrich","message":"I can help out, if needed","date":"2012-11-25T23:30:25.282Z","type":"message"}
{"nick":"mdedetrich","message":"I think if you can emulate that authorization with engine.io","date":"2012-11-25T23:30:48.309Z","type":"message"}
{"nick":"mdedetrich","message":"it should be fine","date":"2012-11-25T23:30:50.138Z","type":"message"}
{"nick":"mdedetrich","message":"it's just a question of how to integrate it with ss","date":"2012-11-25T23:30:57.354Z","type":"message"}
{"nick":"mdedetrich","message":"paulbjensen: I am guessing the easiest way would be to pass it in as an option when you do ss.ws.transport.use(require('ss-engine.io')) to enable csrf, as well as a function to handle the csrf detection","date":"2012-11-25T23:34:08.907Z","type":"message"}
{"nick":"paulbjensen","message":"That sounds good.","date":"2012-11-25T23:34:43.934Z","type":"message"}
{"nick":"mdedetrich","message":"I think making it global for now is the best thing to do (and in spirit of SS as well)","date":"2012-11-25T23:35:34.668Z","type":"message"}
{"nick":"mdedetrich","message":"alternately you can make it a middleware, that might be more complicated","date":"2012-11-25T23:36:01.676Z","type":"message"}
{"nick":"paulbjensen","message":"I'd say go with the first option (global) for now","date":"2012-11-25T23:37:19.406Z","type":"message"}
{"nick":"mdedetrich","message":"well I will have a look at it tomorrow, if you get anywhere with it or need any help let me know","date":"2012-11-25T23:41:27.832Z","type":"message"}
{"nick":"paulbjensen","message":"thanks, do you have any code relating to your current CSRF presentation implementation for reference?","date":"2012-11-25T23:43:48.602Z","type":"message"}
{"nick":"paulbjensen","message":"*prevention","date":"2012-11-25T23:48:14.821Z","type":"message"}
{"nick":"mdedetrich","message":"well I have some current code, but it has nothing to do with sockets","date":"2012-11-25T23:51:44.010Z","type":"message"}
{"nick":"mdedetrich","message":"it's just standard csrf through forms, so you actually have to do a post FORM for your login","date":"2012-11-25T23:51:59.949Z","type":"message"}
{"nick":"mdedetrich","message":"that's (one) way to do csrf","date":"2012-11-25T23:52:17.239Z","type":"message"}
{"nick":"mdedetrich","message":"I'm not sure how helpful that would be","date":"2012-11-25T23:53:42.123Z","type":"message"}
{"nick":"mdedetrich","message":"I think the socket.io documentation for authentication is going to be the best reference, seeing as I haven't done CSRF using websockets before","date":"2012-11-25T23:54:54.752Z","type":"message"}
{"nick":"mdedetrich","message":"the principle is similar, server needs to send unique token to the client","date":"2012-11-25T23:55:05.011Z","type":"message"}
{"nick":"mdedetrich","message":"that token is put into the server's session","date":"2012-11-25T23:55:14.023Z","type":"message"}
{"nick":"mdedetrich","message":"any kind of 'post' request (or a request that changes something on the server), requires the client to send that token","date":"2012-11-25T23:55:33.031Z","type":"message"}
{"nick":"mdedetrich","message":"and you need to compare the token with the one in the session","date":"2012-11-25T23:55:42.921Z","type":"message"}
{"nick":"mdedetrich","message":"when doing a comparison, you should probably compare using hashes, to prevent timing attacks","date":"2012-11-25T23:55:55.741Z","type":"message"}
{"nick":"mdedetrich","message":"paulbjensen: you may find this interesting","date":"2012-11-25T23:57:27.784Z","type":"message"}
{"nick":"mdedetrich","message":"paulbjensen: http://blog.kotowicz.net/2011/03/html5-websockets-security-new-tool-for.html","date":"2012-11-25T23:57:30.776Z","type":"message"}
{"nick":"mdedetrich","message":"paulbjensen: particularly https://github.com/koto/socket_io_client","date":"2012-11-25T23:57:52.224Z","type":"message"}
{"nick":"mdedetrich","message":"I might write up a sample app based on that code, in SS, using ss-engine.io, to test against csrf","date":"2012-11-25T23:58:17.699Z","type":"message"}
{"nick":"paulbjensen","message":"thanks, that looks pretty useful (and scary from a security POV)","date":"2012-11-25T23:59:48.576Z","type":"message"}