mupuf.org // we are octopimupuf.org

WtComments: A Secure Way of Serving Comments on Static Blogs!

Posted by Martin Roukala, né Peres on , In categories mupuf.org, wt, wtcomments .

As a new proud user of Octopress I missed the comment section that I used to have on our previous blog (powered by Django). However, I knew something could be done and months later, I finally did something about it :).

So, let me introduce you to Wt Comments:

Wt Comments is a project that was written in order to allow users to comment on static websites (such as http://www.mupuf.org). The goal was to create a secure, minimal and self-standing binary that would serve user’s comments as needed. These comments are to be stored in a JSON file.

I wanted a program that would run under a specific UID (using FCGI or a built-in http server) and that would provide strong separation between code and data in order to limit the risks posed by this service to the system. I decided to write this project in Wt, a C++ Web Framework that I have been looking into using for a while now, because it satisfied all my pre-requirements and allowed the usage of hardware and gcc security features such as the NX bit and canaries.

The program has been written with portability in mind. However, it is currently limited to Linux due to one simple function (getExeDirectory()). Feel free to send me patches ;)

Features

Here is a short feature list:

  • Self contained: One binary linked on libwt, libfcgi, libboost and libcurl (optional)
  • Hacker-friendly: No backend administration, everything is stored in JSON text files!
  • Highly reactive: Thanks to Wt, we have instant comments update across clients
  • Broad browser support: Thanks to Wt, we support most browser, even the ones with no Javascript support!
  • Easy to develop on: The code is open and very short (less than 1k lines)
  • Security: Strict separation between code and data thanks to using C++ and easy isolate (standalone process)

Development

This project was supposed to be a week-end project that ended up being a week-long project. I was so impressed by the capabilities of the Wt that I kept on adding features and debugging them!

In this effort, I have also been joined by Timothée Ravier who wrote the systemd service.

I will keep on updating/fixing it as time passes. Feel free to start contributing!

Installation

For installation instructions, please follow our README.

Conclusion

Now that I have installed Wt Comments, feel free to leave a comment! We would love to hear back from you guys!

Comments