Fred T-H committed 274c998

adding a note about not focusing on JS

Comments (0)

Files changed (1)

 * Adding wiki entries about how to build Chut
 * And much more!
+Note that Javascript/HTML features are not seen as a priority given the integration of such a chat client would be left in the hands of any site integrating it. The JS side isn't likely to be made much better with time unless I'm satisfied enough with the Erlang core.
 === How it's gonna be done ===
 Because Chut is meant to be plugged into an existing system, the maximum that will be done about authentication will be to do callbacks to a server that will care about all the authentication-related stuff. Chut will require a session ID (to be set in the user's cookies by the other site) and a session token (to be set in the page itself). On each call coming from the site, Chut's JS system will need to send the session token to the server with the cookie. The server will then act only after validating these. This will help protect against CSRF and identity theft, but will leave the burden of user authentication and storage on the main site, where it belongs. A cache with values for session-id and username could be added to avoid repeated calls to the main site.