Closed Bug 920244 Opened 12 years ago Closed 12 years ago

Security Review: TogetherJS

Categories

(mozilla.org :: Security Assurance: Review Request, task)

Product:
mozilla.org
Component:
Security Assurance: Review Request
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: ianbicking, Assigned: mgoodwin)

References

Details

(Whiteboard: [completed secreview] u= c= p=1 s=13q4.1)

Initial Questions: Project/Feature Name: TogetherJS Tracking ID: Description: TogetherJS is a service and library for adding real-time collaboration to a website. The service/server portion is a server that accepts WebSocket connections, and echos those messages between the participants in a session. Only aggregated usage statistics are saved, everything else is memory-only. The client library runs on the website (in content) and introspects the page and communicates with everyone else in the session about certain actions that the user takes. Additional Information: Site: https://togetherjs.com/ Github: https://github.com/mozilla/togetherjs Server: https://github.com/mozilla/togetherjs/blob/develop/hub/server.js JP is handling the ops/deployment: jp@mozillafoundation.org (it is deployed on AWS) Key Initiative: Labs / Research / H3 Release Date: Continuous releases Project Status: launched Mozilla Data: Yes Mozilla Related: Separate Party: No Security Review Questions: Affects Products: No Review Due Date: Review Invitees: Extra Information:
Group: mozilla-corporation-confidential
Whiteboard: [triage needed]
Assignee: nobody → amuntner
Whiteboard: [triage needed]
Hi Ian, Do you want us to test this in production, or do you have a stage instance we can use?
Assignee: amuntner → mgoodwin
Flags: needinfo?(ianb)
Whiteboard: u=world c=moco p=1
Whiteboard: u=world c=moco p=1 → u=world c=moco p=1 [SA Sprint 1]
Production is fine, as there's no significant persistence. It might be useful for me to setup an example more suitable for testing, as the on-site examples have somewhat peculiar flows for session creation, to make the demo more compelling. Are there particularly features you want to concentrate on particularly (so I can make sure they are in the example)? http://jsfiddle.net/ also has it deployed (as "Collaboration"), and you could use that. It might be better than a made-up example, and of course it's easy to setup scratch code to test.
Flags: needinfo?(ianb)
Whiteboard: u=world c=moco p=1 [SA Sprint 1] → u= c= p= s=13q4.1
Whiteboard: u= c= p= s=13q4.1 → u= c= p=1 s=13q4.1
Some info on how this hangs together (in absence of a napkin sketch): https://togetherjs.com/docs/#technology-overview
https://wiki.mozilla.org/Security/Reviews/TogetherJS
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: u= c= p=1 s=13q4.1 → [completed secreview] u= c= p=1 s=13q4.1
You need to log in before you can comment on or make changes to this bug.