Security Advice: Update your integration code if you use latest builds
4 views
Skip to first unread message
Sebastian Wagner
Nov 14, 2009, 7:38:04 AM11/14/09
to openmeet...@googlegroups.com, openmeet...@googlegroups.com
hi,
I've updated the Documentation for the SOAP Integration.
You can create now moderated Rooms:
http://code.google.com/p/openmeetings/wiki/SoapMethods#addRoomWithModeration
And you can specify users to be Moderator by default:
http://code.google.com/p/openmeetings/wiki/SoapMethods#setUserObjectAndGenerateRoomHash
the new URL is different from previous integrations. Old mechanism will still work but its recommended to update.
The new mechanism returns a HASH in the method setUserObjectAndGenerateRoomHash
This hash already holds the information:
- Which room-id to enter
- if the user is Moderator or not.
- the URL does not contain the SID anymore, so the user cannot steal the admin-SID to abuse the SOAP Gateway with an already authentificated token
and the hash is only one time valid, so users cannot take the link and send by mail to number of people that all have then access to the room without any application control
You can use one of the latest nightly builds to start testing it.
sebastian
--
Sebastian Wagner
http://www.webbase-design.de
http://openmeetings.googlecode.com
http://www.laszlo-forum.de
seba....@gmail.com
I've updated the Documentation for the SOAP Integration.
You can create now moderated Rooms:
http://code.google.com/p/openmeetings/wiki/SoapMethods#addRoomWithModeration
And you can specify users to be Moderator by default:
http://code.google.com/p/openmeetings/wiki/SoapMethods#setUserObjectAndGenerateRoomHash
the new URL is different from previous integrations. Old mechanism will still work but its recommended to update.
The new mechanism returns a HASH in the method setUserObjectAndGenerateRoomHash
This hash already holds the information:
- Which room-id to enter
- if the user is Moderator or not.
- the URL does not contain the SID anymore, so the user cannot steal the admin-SID to abuse the SOAP Gateway with an already authentificated token
and the hash is only one time valid, so users cannot take the link and send by mail to number of people that all have then access to the room without any application control
You can use one of the latest nightly builds to start testing it.
sebastian
--
Sebastian Wagner
http://www.webbase-design.de
http://openmeetings.googlecode.com
http://www.laszlo-forum.de
seba....@gmail.com
Reply all
Reply to author
Forward
0 new messages