different instances / salts

Reimar Bauer

Aug 7, 2012, 4:32:58 AM
to bigblueb...@googlegroups.com
Hi

Is there a way to have different instances of the server software or
different salts in one installation?

The problem is that I need the salt in any of my wiki installations.
The wikis have different users. Each moderator
of a wiki can get the bbb salt from the config and therefore access to
all rooms of my bbb server.

Any idea how that can be solved?



Reimar

Fred Dixon

Aug 7, 2012, 8:41:57 AM
to bigblueb...@googlegroups.com
Hi Reimar,

Each BigBlueButton server has a single URL and salt (shared secret).

Not knowing the wiki you are using, or whether you have created your own integration with BigBlueButton or are using an existing one, one possible solution would be to modify the Wiki interface provided to the wiki administrators so that the URL and salt are not visible. This assumes that access to the BigBlueButton configuration is provided through a plugin of sorts in the wiki.

 In other words, remove the UI to access the URL and salt from the plugin.

The URL and salt would still be stored in a database, so you could use SQL queries to set the URL and salt.  This gives you access to the settings as you have access to the server, but not the administrators who only have access to the Wiki interface.


Regards,... Fred
-- 
BigBlueButton Developer
BigBlueButton on twitter: @bigbluebutton







HostBBB.com

Aug 7, 2012, 12:15:35 PM
to BigBlueButton-dev
Reimar, we have made some custom changes to the api controller to handle
multiple salts and client directories for our shared hosting platform.
If this is what you are looking for I can share more details on what we
did.

Basically we delimit salts with a pipe | and just add them to the
standard properties file like normal. The controller validates multiple
salts, and then returns a custom directory path for the client based on a
range of digits in the salt. This way you can serve multiple branded
clients if needed from a single server.

Ideally the api will allow passing a custom client url long term, but
this works for us now, and we can easily turn on/off a hosting
account by just disabling its salt.

This is really a service provider enhancement and not really needed
for mainstream installs.

Regards,
Stephen
hostbbb.com

On Aug 7, 8:41 am, Fred Dixon <ffdi...@gmail.com> wrote:
> Hi Reimar,
>
> Each BigBlueButton server has a single URL and salt (shared secret).
>
> Not knowing the wiki you are using, or whether you have created your own
> integration with BigBlueButton or are using an existing one, one possible
> solution would be to modify the Wiki interface provided to the wiki
> administrators so that the URL and salt are not visible. This assumes that
> access to the BigBlueButton configuration is provided through a plugin of
> sorts in the wiki.
>
>  In other words, remove the UI to access the URL and salt from the plugin.
>
> The URL and salt would still be stored in a database, so you could use SQL
> queries to set the URL and salt.  This gives you access to the settings as
> you have access to the server, but not the administrators who only have
> access to the Wiki interface.
>
> Regards,... Fred
> --
> BigBlueButton Developer http://bigbluebutton.org/ http://code.google.com/p/bigbluebutton

JarrodJay

Aug 7, 2012, 7:46:07 PM
to bigblueb...@googlegroups.com
Hello Stephen,

I'm interested in further details of what you altered to achieve this. 

I wasn't sure how to go about this- so created a mini-authorisation layer in between BBB, on another server. The client has their own salt and sets the server URL to http://bbb.mydomain.com. This server checks in a database if their salt is valid, and if so- passes the API call on to the actual bbb server at http://b*.mydomain.com. Doing so provides an easy administration management to disable / enable accounts (it also monitors storage, usage in hours, which bbb server they are on, log their API calls, etc). The downside is that it is an extra call / step for each API call (which isn't a huge deal as we don't have too much traffic).

Thanks,
Jarrod.

HostBBB.com

Aug 7, 2012, 8:15:07 PM
to BigBlueButton-dev
Jarrod,

Much easier, I just added 10 lines of code to the api controller to look
for a delimited salt string, and then reform the redirect link....
Nothing stops a salt from being ALPHA NUMERIC so part of it can be
readable text which is used to form the directory path.

So if you had 234as4d4a23dHOSTBBB for a salt it would serve up the
client from the HOSTBBB directory in /var/www/bigbluebutton/

If you only have 1 salt, it still works fine and uses the standard path.

You need to compile bbb-web and redeploy the changes on the server.

Also every call iterates through the salts looking for a match, but
realistically you're not going to have more than 6-12 CMSs tied to a server,
so checksum validation is still instant.

This isn't the long term solution, but works for now.

Regards,
Stephen

On Aug 7, 7:46 pm, JarrodJay <shad...@gmail.com> wrote:
> Hello Stephen,
>
> I'm interested in further details of what you altered to achieve this.

> I wasn't sure how to go about this- so created a mini-authorisation layer
> in between BBB, on another server. The client has their own salt and sets
> the server URL to http://bbb.mydomain.com. This server checks in a database
> if their salt is valid, and if so- passes the API call on to the actual bbb
> server at http://b*.mydomain.com. Doing so provides an easy administration

JarrodJay

Aug 13, 2012, 8:36:28 PM
to bigblueb...@googlegroups.com
Hey Stephen,

Thanks for your reply. That seems quite logical and efficient!
I'll look into it when I get the time.

Jarrod.

gmr

Mar 15, 2013, 11:07:09 AM
to bigblueb...@googlegroups.com
Hi, 
How can I create multiple salts for BigBlueButton? Can BBB support multi-tenancy? I want to run multiple sessions on a single instance and I want to create different logins for different users. Is it possible? If possible, please guide me.

Thanks,
Madhukar

Fu Jiantao

Mar 15, 2013, 12:02:39 PM
to bigblueb...@googlegroups.com
Hi Madhukar,

I think you should create your own user management rather than rely
on multiple salt support

Regards,
Jeromy


HostBBB.com

Mar 16, 2013, 6:59:11 AM
to BigBlueButton-dev
gmr,

If you are technical this .80 code modification in ParamsProcessorUtil
allows you to enter multiple SALTs "|" delimited into
bigbluebutton.properties and it serves up different client directories
for each SALT where the directory is just 5-9char of the salt. For example
048f5GMBBBd9640ba57e91122288ef38 would serve the client from /GMBBB.

Quick and "dirty" way to provision multi salts and serve different
clients. Requires a restart of BBB any time changes are made.

Regards;
Stephen
hostbbb.com

// Two methods excerpted from the class. They rely on its existing log and
// securitySalt fields, on StringUtils (Apache Commons Lang) and on
// DigestUtils (Apache Commons Codec).
public boolean isChecksumSame(String apiCall, String checksum, String queryString) {
    log.debug("checksum: [{}] ; query string: [{}]", checksum, queryString);

    if (StringUtils.isEmpty(securitySalt)) {
        log.warn("Security is disabled in this service. Make sure this is intentional.");
        return true;
    }

    // handle either checksum as first or middle / end parameter
    // TODO: this is hackish - should be done better
    queryString = queryString.replace("&checksum=" + checksum, "");
    queryString = queryString.replace("checksum=" + checksum + "&", "");
    queryString = queryString.replace("checksum=" + checksum, "");

    log.debug("query string after checksum removed: [{}]", queryString);

    // securitySalt holds one or more salts separated by "|"
    String delims = "[|]+";
    String[] tokens = securitySalt.split(delims);
    for (int i = 0; i < tokens.length; i++) {
        // expected checksum for this salt: SHA-1 hex of call name + query string + salt
        String cs = DigestUtils.shaHex(apiCall + queryString + tokens[i]);
        // log only the index: the salt and the expected checksum must not reach the log
        log.debug("Check salt [{}]", i);
        if (cs.equals(checksum)) {
            log.info("checksumGood: request did pass the checksum security check");
            return true;
        }
    }
    log.debug("checksumError: Failed");
    return false;
}


public String getUrlPath(String apiCall, String checksum, String queryString) {

    String urltemp = "/client/BigBlueButton.html";

    if (StringUtils.isEmpty(securitySalt)) {
        log.warn("urlPath No salt, return default.");
        return urltemp;
    }

    queryString = queryString.replace("&checksum=" + checksum, "");
    queryString = queryString.replace("checksum=" + checksum + "&", "");
    queryString = queryString.replace("checksum=" + checksum, "");

    String delims = "[|]+";
    String[] tokens = securitySalt.split(delims);
    for (int i = 0; i < tokens.length; i++) {
        String cs = DigestUtils.shaHex(apiCall + queryString + tokens[i]);
        log.debug("Check salt [{}]", i);
        if (cs.equals(checksum)) {
            log.info("checksumGood: urlPath");
            // client directory = characters at index 5-9 of the matching salt
            // (five characters, so the end index is 10), e.g. GMBBB for
            // 048f5GMBBBd9640ba57e91122288ef38
            String urlpath = "/client/" + tokens[i].substring(5, 10) + "/";
            return urlpath;
        }
    }
    // the posted code is cut off above; returning the default client when
    // no salt matches is an assumption
    return urltemp;
}

Madhukar Reddy

Mar 16, 2013, 1:08:26 PM
to bigblueb...@googlegroups.com
Hi  Stephen,
Thanks for your mail.
Actually I have installed the BBB 0.81-dev version, so does it support multi-tenancy? Second, I have already integrated BBB in my Moodle portal, so with a single salt key and URL can we integrate multiple Moodle portals?

Thanks,
Madhukar






--
 
 
 
With Warm Regards,
G.Madhukar Reddy

HostBBB.com

Mar 16, 2013, 1:38:47 PM
to BigBlueButton-dev
Madhukar,

This should work the same with .81, you're just modifying 2 functions
but you would need to debug. I have tested it with 100 salts and there
are no real performance issues, you add a couple hundred milliseconds to
the create and join command which is unnoticeable to the user.

Any existing integration will work with this change. You can add
moodle, wordpress, tiki users all to the same BBB system. We are
working on some other changes in our service provider controller to
ensure distinct meeting-id/recordings are returned to prevent users
from retrieving recordings when they use a similar meeting id.

regards,
Stephen
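
Added example, not code from the thread or from BigBlueButton: a sketch of the separate authorisation layer Jarrod describes, which also prefixes each meetingID with the tenant so that two integrations using a similar meeting ID stay distinct, the concern raised in the last message. The tenant names, salts, the `--` separator and all function names are assumptions; only the SHA-1 checksum formula is taken from the Java code posted above.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed sample secrets; each tenant (wiki, Moodle, ...) gets its own.
TENANT_SALTS = {"wiki-a": "a" * 32, "wiki-b": "b" * 32}
BACKEND_SALT = "c" * 32  # real BBB salt, known only to the proxy


def checksum(api_call, query, salt):
    """SHA-1 hex of call name + query string + salt, as in the Java code above."""
    return hashlib.sha1((api_call + query + salt).encode()).hexdigest()


def split_checksum(query):
    """Return (query without its checksum parameter, checksum or None)."""
    parts = query.split("&")
    given = [p[len("checksum="):] for p in parts if p.startswith("checksum=")]
    rest = "&".join(p for p in parts if not p.startswith("checksum="))
    return rest, (given[0] if len(given) == 1 else None)


def identify_tenant(api_call, query):
    """Find which tenant's salt signed the request; None if no salt matches."""
    rest, given = split_checksum(query)
    if given is None:
        return None
    for tenant, salt in TENANT_SALTS.items():
        expected = checksum(api_call, rest, salt)
        # constant-time comparison of the two hex strings
        if hmac.compare_digest(expected.encode(), given.encode()):
            return tenant
    return None


def forward_query(api_call, query):
    """Verify the caller, prefix meetingID with the tenant, re-sign for BBB."""
    tenant = identify_tenant(api_call, query)
    if tenant is None:
        return None  # reject: unknown or disabled salt
    rest, _ = split_checksum(query)
    params = [(k, f"{tenant}--{v}" if k == "meetingID" else v)
              for k, v in parse_qsl(rest, keep_blank_values=True)]
    signed = urlencode(params)
    return f"{signed}&checksum={checksum(api_call, signed, BACKEND_SALT)}"
```

Removing a tenant's entry from `TENANT_SALTS` disables that integration, and the real BBB salt never has to be stored in any wiki's configuration.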