<XgF> The @SandstormIO twitter account has tweeted posts from January and March today, is that intentional?
<XgF> (not some bot going mad?)
<posix4e> anyone know if gj has basic functionality yet?
<XgF> gj?
<Fernandos> hi
<Fernandos> I can't use DNS Wildcards, nor the Sandcats.io service, because our server is behind a firewall and our policy doesn't allow exposing internal services, nor creating subdomains per user.
<XgF> Fernandos: Can you not set up wildcard DNS behind a firewall?
<Fernandos> yes, wildcard DNS is prohibited via policy
<XgF> Then Sandstorm is not for you, wildcard DNS is an essential part of the security model
<XgF> That seems like a really silly policy
<Fernandos> XgF: Why is wildcard DNS essential? Doesn't make sense to me. /username should be equally well suited, so why is wildcard DNS so essential?
<XgF> Fernandos: Every app gets a randomly generated subdomain for sandboxing purposes
<XgF> It's not username.domain, it's *random hex string*.domain and browser sandboxing policies
<Fernandos> yeah domain.tld/*random hex string is equally qualified.
<Fernandos> Or is there a reason why the only way to use sandstorm is via * DNS?
<mcpherrin> Fernandos: You want browsers to think each app has a separate domain because of web browsers' "Same Origin Policy"
<mcpherrin> Using different ports on the same hostname could work too but there's not many random bits there
<mcpherrin> And unfortunately for you, sandstorm uses that idea.
<Fernandos> Now I understand why you "try" to realize using *.domain, you want to create a http-level and client-side access control, "app isolation" or sandbox
<Fernandos> why don't you just use CORS with Shared-Secrets (public/private key cryptography)
<XgF> Because CORS does different things to the *browser* same origin policy
<XgF> Really, what Sandstorm is doing is not achievable any other way
<Fernandos> Can you further explain what you mean by that?
<XgF> The use of subdomains is about sandboxing things like cookies
<Fernandos> you can authenticate without cookies and use headers
<Fernandos> It's same-origin policy is just client-side security, no?
<Fernandos> *strike "It's"
<Fernandos> Do you have press material or stuff that we're allowed to include in presentations?
<XgF> Fernandos: This is about protecting apps from one another and you from apps
<Fernandos> I understand that, but wanted to know why that's not possible using a central/decentral login-system via http-headers or through a websocket connection to a login-server that can verify the public-keys to the id of the user
<Fernandos> that'd have to be part of the nodejs backend
<XgF> Fernandos: The issue of login isn't the problem. It's about preventing things like cookies leaking from one untrusted app to another
<Fernandos> That's why I asked if cookieless authentication isn't a way around that?
<XgF> Fernandos: Cookieless authentication doesn't stop app A from stealing app B's internal cookie
<XgF> (session cookie, whatever)
<kentonv> Fernandos: If two apps are in the same origin, they can arbitrarily modify each other's HTML through Javascript, arbitrarily intercept each other's web traffic through Javascript, arbitrarily read and modify each other's local storage through Javascript, etc.
<kentonv> there's really no getting around it; apps have to be in separate subdomains to be isolated from each other
<Fernandos> hmm.. I understand, yes it seems to be a little more complicated than I thought.
<kentonv> it's a common complaint
<kentonv> I wish there were some way for us to do everything from one host
<Fernandos> hmm..but what about client side decryption? If sandstorm or nodejs would encrypt any content before/while sending it, only authorized apps could read other authorized apps.
<XgF> Fernandos: They can still cross-tab fiddle
<Fernandos> Well the only other, but final solution to this problem is "Fully Homomorphic Encryption".
<XgF> Basically, this is a limitation of the browser sandbox
<kentonv> yeah unfortunately the browser allows two tabs or frames in the same origin to arbitrarily modify each other
<kentonv> reach right in and read/write DOM, even inject scripts
<Fernandos> XgF: oh.. I see your point, once the content is decrypted by the client an attacker could read the content, because browsers use ancient protection schemes
<kentonv> yeah it's actually the client side that's the problem. On the server we can implement whatever separation we want, since we control that code.
<Fernandos> The admins argued that managing and cleaning up generated wildcard domains can be a pain. How is that resolved?
<kentonv> hmm, I'm not sure what they mean.
<kentonv> what needs "managing" or "cleaning up"?
<kentonv> it's just a single DNS entry for *
<kentonv> now working on a page about security model more generally
<zarvox> posix4e: define "basic"? https://github.com/dwrensha/gj/tree/master/examples lists a few simple examples, and it looks like dwrensha is working on gj today :)
<posix4e> cheers
<dwrensha> ah, well I guess this is why admin token permissions are 640 now: https://github.com/sandstorm-io/sandstorm/commit/583886a760a6973bcefa31e98126d857f0b33719
<dwrensha> This breaks admin tokens for me
<kentonv> dwrensha: how so?
<dwrensha> exactly as it was broken for isd last night
<dwrensha> EACCES
<kentonv> ugh
<dwrensha> and it works just fine if I `chmod o+r` the file
<kentonv> yeah fix coming
<kentonv> problem is that ownership is set wrong if you created the token as root
<dwrensha> I guess the owner should be SERVER_USER?
<kentonv> yep, testing fix...
<kentonv> building a release now
<kentonv> setting the mode 644 as we did before was a security problem since it meant anyone with a shell account on the server could read it and get access. :/
<kentonv> (at least in the 15 minutes between the legitimate admin creating a token and it expiring)
<kentonv> ok, new release has been pushed
<dwrensha> yay, works for me now