#sandstorm on 2018-06-19 — irc logs at freenode.irclog.whitequark.org

2017-06-04 23:24 kentonv changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things sandstorm.io. Say hi! | Have a question but no one is here? Try asking in the discussion group: https://groups.google.com/group/sandstorm-dev | Public logs at https://botbot.me/freenode/sandstorm/

00:07 blueminder has joined #sandstorm

00:21 harish has quit [Ping timeout: 256 seconds]

00:22 xet7 has quit [Quit: Leaving]

01:01 digitalcircuit has quit [Quit: Signing off from Quassel - see ya!]

01:02 digitalcircuit has joined #sandstorm

03:56 harish has joined #sandstorm

06:18 pie_ has quit [Ping timeout: 248 seconds]

06:54 simpson has quit [Ping timeout: 256 seconds]

07:06 simpson has joined #sandstorm

08:16 harish has quit [Ping timeout: 248 seconds]

08:32 ocdtrekkie has quit [Read error: Connection reset by peer]

09:37 harish has joined #sandstorm

12:22 xet7 has joined #sandstorm

14:17 taktoa has joined #sandstorm

15:29 koad has joined #sandstorm

15:42 taktoa has quit [Ping timeout: 240 seconds]

16:25 pie_ has joined #sandstorm

17:40 xet7 has quit [Remote host closed the connection]

18:44 charlie-de-tx has joined #sandstorm

18:48 taktoa has joined #sandstorm

18:49 <charlie-de-tx> I prefer to use my own DNS/domain and SSL. If I'm using sandstorm for wekan, docuwiki, and davros is there need for a wildcard DNS entry and SSL cert?

18:52 <TimMc> charlie-de-tx: yep

18:53 <TimMc> Under the covers, every time you open a grain it is presented on a unique subdomain, hence the need for wildcard DNS and a wildcard TLS cert.

18:53 <TimMc> but you can get the latter for about $45/yr

18:53 <charlie-de-tx> I've never seen a subdomain in my sandcats.io

18:54 <TimMc> oh and I guess Let's Encrypt can do wildcard certs now

18:54 <TimMc> charlie-de-tx: The iframe containing the UI fro the grain is running on a subdomain.

18:55 <charlie-de-tx> ok, thanks, Tim about the subdomain. And yeah, I think I'll look into the Let's Encrypt

18:56 <charlie-de-tx> that's all I was curious about. Thanks

18:56 <Zarutian> re iframe, subdomains and 'origins': as the iframe is on an origin that is a subdomain of the enclosing frame then doesnt the enclosing frame have access to everything in the iframe?

18:57 <Zarutian> I ask mainly to point out that it might be possible to use sandboxed iframes with never-the-same origin and proxy all xmlhttp and such through a message port to the enclosing frame.

18:58 charlie-de-tx has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]

19:02 koad has quit [Read error: Connection reset by peer]

19:15 <ccx> Zarutian: I haven't really dug too deep into sandstorm, but I believe the enclosing frame works as a powerbox and thus is supposed to have the access.

19:17 <Zarutian> ccx: sure. I was just thinking of why the subdomains were used and I suspect for seperation from sibling iframes and such.

19:29 <TimMc> It protects from CSRF attacks and similar -- can't make those attacks if you can't predict the hostname. :-P

19:29 <TimMc> I don't know if that's the main reason though.

21:52 taktoa has quit [Ping timeout: 265 seconds]

22:09 taktoa has joined #sandstorm

22:30 koad has joined #sandstorm

23:18 ocdtrekkie has joined #sandstorm

23:18 <ocdtrekkie> There's a whole page on why Sandstorm uses wildcards, FWIW: https://docs.sandstorm.io/en/latest/administering/wildcard/

23:20 <ocdtrekkie> Generally speaking, this is probably the best thing to make sure people who ask about it see.

23:21 <ocdtrekkie> As for everything Zarutian said, that's well above my understanding. ;)

23:28 taktoa has quit [Ping timeout: 264 seconds]