Hacker News new | ask | show | jobs
by nichol4s 4606 days ago
The difference is that with TogetherJS you will not be able to handle websites that require login. Surfly can handle that in a secure way.

Next, Surfly just works on any website - without the need to write a single line of code. For example, you can use it right now on GitHub. If you wanted to have such functionality with TogetherJS you would have to modify your website accordingly (i.e., by using a special version of the Ace editor).
2 comments
Zakuzaa 4606 days ago
So how exactly do you handle sites that require logins?
link
nichol4s 4606 days ago
Only the controller fires the HTTP requests. The viewer just gets DOM updates, so cookie's (session secrets) or password will never be send to the follower.
link
Zakuzaa 4606 days ago
I do not quite understand, sorry. I am concerned about security.

Why am I allowed to login into say, Trello.com, while I am on surfly.com domain? Shouldn't my browser's cross-domain security policy prohibit this practice?

Is it all being done through a proxy? If so, is it not true that a lot of sites don't work over proxy?

[Edit] And if it is indeed proxy, doesn't that mean you can read my password(s) in clear text?

link
nichol4s 4606 days ago
The proxy is needed to make sure that we can modify the content in such a way that it works correctly during the session. We sandbox the site so that everything keeps works correctly. I'll go deeper into this in a blog post soon.

The connection to the proxy is encrypted and if the site you login also uses https, your password will never be send in clear text over the wire. Since form submissions are not actually replayed on the viewer's side, we only keep them for the time of the request and only in memory. For those companies who want to control the security fully we are working on a on a solution that can be installed on-premise.

link
niutech 4606 days ago
TogetherJS works on any website too! Just grab a Firefox addon (https://togetherjs.com/togetherjs.xpi) or Chrome extension (https://chrome.google.com/webstore/detail/towtruckcrx/hpobkk...)
link
veemjeem 4606 days ago
Yes, but you can't send your friend the surfly link. You have to ask your friend to also install the addon before you can collaborate on the same website. Extensions are cool, but not practical in the real world scenario.
link