Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > XML > BOOK: Professional XMPP Programming with JavaScript and jQuery
Password Reminder
Register
| FAQ | Members List | Search | Today's Posts | Mark Forums Read
BOOK: Professional XMPP Programming with JavaScript and jQuery
This is the forum to discuss the Wrox book Professional XMPP Programming with JavaScript and jQuery by Jack Moffitt; ISBN: 978-0-470-54071-8
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Professional XMPP Programming with JavaScript and jQuery section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
 
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old October 29th, 2013, 06:40 AM
Registered User
Points: 14, Level: 1
Points: 14, Level: 1 Points: 14, Level: 1 Points: 14, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Oct 2013
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Smile XMPP Strophe JS Best Practice

I'm familiarized with server-side programming (eg. PHP, ASP.NET, and so on), but not with a pure Javascript application (like Strophe.JS which is more likely client-side).

Some point that I concern about Strophe.JS:
  • Security
    Is it secure to make a pure Javascript application since the modern browser could see your code and even modify them (Inspect element)?
    Someone could be see your connection properties by looking your Javascript code.
  • Session State
    When I logged in to my application, is it possible to remember my session since Javascript couldn't establish session state like server-side programming language do (as I know). Is it possible to combining Strophe.JS with server-side programming?
  • Application Architecture
    So far, I always use Javascript just for View-Tier (eg. updating HTML interface), not for Controller-Tier. Is it possible to implement MVC framework on Strophe.JS? I mean using Strophe.JS for View-Tier and server-side programming for Controller-Tier?

What is the best practice for developing chat application using XMPP?

Sorry for my bad English, thanks in advance
  #2 (permalink)  
Old October 29th, 2013, 11:29 AM
Wrox Author
Points: 702, Level: 10
Points: 702, Level: 10 Points: 702, Level: 10 Points: 702, Level: 10
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2010
Posts: 178
Thanks: 0
Thanked 16 Times in 15 Posts
Default

For security, the attack you are worried about is some cross-origin script modifying your code. For the most part, browsers are hardened against this kind of attack. Users can obviously inspect the app, but they can also run your binary in a debugger, so while it's mechanically easier, it doesn't change much.

You can save session state the same way you normally do and then open a BOSH connection on the server side and pass the SID, RID, and JID to the client and use connection.attach() to establish the connection. This is called pre-binding, and it has the nice property that the user's password is never stored in the JavaScript or needed to be entered client side.

I'm probably not the best person to answer your last question. You might try the Strophe.js mailing list. Certainly many people have integrated Strophe.js with MVC client side applications, so probably what you want is possible.
  #3 (permalink)  
Old November 2nd, 2013, 04:15 PM
Authorized User
Points: 182, Level: 3
Points: 182, Level: 3 Points: 182, Level: 3 Points: 182, Level: 3
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: May 2013
Posts: 40
Thanks: 0
Thanked 0 Times in 0 Posts
Default

My solution to the authentication problem is this: I completely get rid of PHP sessions. Instead, I use PHP to check the database and confirm that the username, password combo matches. If they do, then I establish a strophe connection and register the user's specific details such as username, unique member Id, email etc, as javascript variables. I make them namespace objects so that I can use them througout the application. Upon connection fail or if the user voluntarily logs out, I return these variables to null. What do you guys think?
  #4 (permalink)  
Old December 13th, 2013, 02:02 PM
Registered User
Points: 14, Level: 1
Points: 14, Level: 1 Points: 14, Level: 1 Points: 14, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Oct 2013
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi, there thanks for reply

I've read the BOSH session attachment with Strophe.js in chapter 12.

I'm glad that Strophe supporting this feature :) That's very helpful. But when I try to implement connecting with session attachment, I've got some problem with the RID.

I'm using Openfire server. I did my pre-binding system and SID & RID maintenance from my server side code. Every time I go to my page, I'm requesting the latest RID form my pre-bind service and increment it by 1 (RID = RID + 1).

There's no problem when I'm doing session attachment for the first time. But when I refreshed the page or open the new tab a problem occurred with this error message POST http://myopenfireserver/http-bind/ 404 (Invalid SID.)

Now I'm realizing that every time a request occurred, Strophe will automatically increment its RID by 1.
For example, let's say my first RID from PHP-prebind service is: 123456.
Then I'm doing session attachment with RID: 123457.
When I'm sending ping IQ, Strophe will automatically request with RID: 123458.
Next when I'm sending presence IQ, Strophe will request with RID: 1234569

In this case my last RID from PHP-prebind service is 123457 and when I refreshed the page, strophe will request with that RID. Seems Openfire won't accepted request with the same RID as previous. Is that right?

This is my screenshot of XHR
 


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
BOSH, Strophe, and Openfire iowadeifan BOOK: Professional XMPP Programming with JavaScript and jQuery 11 March 31st, 2014 03:08 PM
Register XMPP-Account using the Strophe.js-Register-Plugin ede32 BOOK: Professional XMPP Programming with JavaScript and jQuery 3 January 27th, 2013 01:55 PM
Punjab fails on localhost (500 Internal Server Error), using Strophe.js HyprGeek BOOK: Professional XMPP Programming with JavaScript and jQuery 0 January 9th, 2013 01:55 AM
Strophe hangs after attaching nielsvh BOOK: Professional XMPP Programming with JavaScript and jQuery 1 February 5th, 2012 07:37 PM
Using sha1 passwords in Strophe.js semper BOOK: Professional XMPP Programming with JavaScript and jQuery 1 June 28th, 2010 02:15 PM



All times are GMT -4. The time now is 11:56 PM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.