MEGAN NICOL

Review of wwwhisper

History of wwwhisper

First started in March of 2012Created by Jan Wrobel, a senior software

engineer at GoogleDesign Goals

Simplify how web-based resources are shared Eliminate need for site-specific username and

password databases

Comparison to other Tools

Wawp – Uses PHP and MySQL in order to login and restrict web access. Cost - Free

phpSecurePages- A PHP module that restricts access using a user account with password, stored in a MySQL database. Cost - $20

wwwhisper does not require a username, password, or account. Instead, it uses “approved” email addresses (with Persona to verify email address to grant access). Cost – Both Free and Charged ($10 & $25) Options

What is wwwhisper?

wwwhisper is a Heroku add-on tool that is used for authentication and authorization for an application.

Instead of using a username and password in order to limit the use of the app, wwwhisper grants access based on approved email addresses.

It also allows you to easily add or remove admins

Sustainability, Performance, & Pricing

wwwhisper supports Node.js, Ruby Rack and Rails based applications

There are 3 pricing options Starter – Free, 2 users, admin web interface,

authorization lib version monitoring, 10,000 authorization requests per month.

Basic - $10/month, 10 users, custom login page, admin web interface, authorization lib version monitoring, open locations, 1,000,000 authorization requests per month

Plus - $25/month, unlimited users, custom login page, admin web interface, authorization lib version monitoring, open locations, unlimited authorization requests

Benefit/Cost Analysis

For my final project, using wwwhisper will be extremely beneficial. Eliminates the writing of thousands of lines of code. It is free, and supports Node.js, so it can support smaller projects without cost. If more users or requests are needed, I believe that the cost ($10 or $25) are not exorbitant and will pay for themselves in terms of man hours to create and upkeep a user/password database.

Why use wwwhisper?

wwwhisper eliminates the need for writing authentication and authorization code, while still giving the user the ability to limit who can use their web application.

It is extremely simple to quick to install, requiring only 4 lines of code to implement.

Works very well with Persona.

Step 1: Provisioning the Add-On

Step 2: Obtain wwwhisper URL

Using the follow command gives you the ability to communicate with the wwwhisper service.

Step 3: Configuring with Node.js

Incredibly simple!

Demo

Maintenance

If necessary, you will be notified of any security updates that your authorization library may need.

Resources Citations

http://www.bigismore.com/web-development-tools/tools-for-web-authentication-and-authorization/

https://addons.heroku.com/wwwhisperhttp://mixedbit.org/blog/2014/01/08/

wwwhisper_add_on_for_node_js.htmlhttps://wwwhisper-demo.herokuapp.com/https://github.com/wrr/wwwhisper