From 79be6ea693f14fa5da14cd2fe326a46293355fa3 Mon Sep 17 00:00:00 2001 From: JC Brand Date: Wed, 28 Aug 2013 00:26:52 +0200 Subject: [PATCH] Add section about integration into other frameworks Also expand on the security question. --- index.html | 61 ++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 46 insertions(+), 15 deletions(-) diff --git a/index.html b/index.html index 73c39aaca..000a65bc9 100644 --- a/index.html +++ b/index.html @@ -36,18 +36,10 @@

Converse.js can connect to any accessible XMPP/Jabber server, either from a public provider such as jabber.org, or to one you have set up yourself.

-

It's possible to enable single-site login, whereby users already authenticated in your website will also automatically be logged in on the chat server, +

It's possible to enable single-site-login, whereby users already authenticated in your website will also automatically be logged in on the chat server, but you will have to pre-authenticate them on your server. You can refer to the documentation for more info.

-

An add-on product that does exactly this, - already exists for the Plone CMS. Hopefully in the future more such add-ons will - be created for other platforms. -

- -

If you have integrated Converse.js into any other CMS or framework, - please let me know and I'll mention it on this page.

-

Features

Screencasts

@@ -75,6 +67,30 @@ + +

Integration into other frameworks

+ + + +

If you have integrated Converse.js into any other CMS or framework, + please let me know and I'll mention it on this page.

+

Demo

You can log in with any existing XMPP account. There is also a list of public XMPP providers on xmpp.net.

Note: currently the demo doesn't work in Internet Explorer older @@ -84,9 +100,25 @@ See here for more information.

Is it secure?

-

Yes. In this demo Converse.js makes an - SSL encrypted connection to a secure connection manager. - The connection manager then uses SSL and TLS to connect to an XMPP server.

+

+ Yes, as long as you can trust that the Javascript being downloaded is + not being tampered with. This page itself is served by Github and is not SSL Encrypted (e.g. HTTPS). + I don't know how probable it is that Github served pages could be hacked to + insert malicious Javascript. +

+

+ Ideally you'd want your site to be served via HTTPS, to make it more + difficult. In this case, use with caution. +

+

+ Converse.js makes HTTP requests to a connection manager, which in this case has an + SSL encrypted connection to an XMPP server.

+ The connection manager then uses SSL and TLS to connect to an XMPP server. +

+

+ Logging in happens via SASL and + TLS. +

That said, the developers don't assume any liability for any loss or damages as a result of using this software or demo. Use this demo at your own risk.

Session support

@@ -128,11 +160,10 @@ and GPL licenses.

Contact

-

You can follow me on Twitter and Identica

+

You can follow me on Twitter

My XMPP username is jc@opkode.im.

Send me an email via this contact form.

-