Closed Bug 920244 Opened 8 years ago Closed 8 years ago

Security Review: TogetherJS

Categories

(mozilla.org :: Security Assurance: Review Request, task)


Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: ianbicking, Assigned: mgoodwin)

Details

(Whiteboard: [completed secreview] u= c= p=1 s=13q4.1)

Initial Questions:

Project/Feature Name: TogetherJS
Tracking  ID:
Description:
TogetherJS is a service and library for adding real-time collaboration to a website.

The service/server portion is a server that accepts WebSocket connections, and echoes those messages between the participants in a session.  Only aggregated usage statistics are saved, everything else is memory-only.

The client library runs on the website (in content) and introspects the page and communicates with everyone else in the session about certain actions that the user takes.
Additional Information:
Site: https://togetherjs.com/
Github: https://github.com/mozilla/togetherjs
Server: https://github.com/mozilla/togetherjs/blob/develop/hub/server.js
JP is handling the ops/deployment: jp@mozillafoundation.org (it is deployed on AWS)

Key Initiative: Labs / Research / H3
Release Date: Continuous releases
Project Status: launched
Mozilla Data: Yes
Mozilla Related: 
Separate Party: No

Security Review Questions:

Affects Products: No
Review Due Date: 
Review Invitees: 
Extra Information:
Group: mozilla-corporation-confidential
Whiteboard: [triage needed]
Assignee: nobody → amuntner
Whiteboard: [triage needed]
Hi Ian,

Do you want us to test this in production, or do you have a stage instance we can use?
Assignee: amuntner → mgoodwin
Flags: needinfo?(ianb)
Whiteboard: u=world c=moco p=1
Whiteboard: u=world c=moco p=1 → u=world c=moco p=1 [SA Sprint 1]
Production is fine, as there's no significant persistence.  It might be useful for me to set up an example more suitable for testing, as the on-site examples have somewhat peculiar flows for session creation, to make the demo more compelling.  Are there particular features you want to concentrate on (so I can make sure they are in the example)?

http://jsfiddle.net/ also has it deployed (as "Collaboration"), and you could use that.  It might be better than a made-up example, and of course it's easy to set up scratch code to test.
Flags: needinfo?(ianb)
Whiteboard: u=world c=moco p=1 [SA Sprint 1] → u= c= p= s=13q4.1
Whiteboard: u= c= p= s=13q4.1 → u= c= p=1 s=13q4.1
Some info on how this hangs together (in absence of a napkin sketch): https://togetherjs.com/docs/#technology-overview
https://wiki.mozilla.org/Security/Reviews/TogetherJS
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Whiteboard: u= c= p=1 s=13q4.1 → [completed secreview] u= c= p=1 s=13q4.1