How to protect a conference from multiple users connections with the same Join-URL?

[Li Ho]

Hi all!

Integrating BBB with our own CMS, I found one troublesome thing: if the user takes join URL from web-page's JS contents (we actually have no way to completely and securely hide this URL from an experienced user!) and gives it to someone another - this someone another may join the conference room with the same username! So, there it will be two (or anymore) users with the same username. It seems to be a great problem if the conference organizer wants to grant access to only limited group of participants. It might be a number of users outside of the group who could join it without permission using one's join URL.

Is there any working way in BBB to protect a conference from such multiple connections? Or the only way to avoid this is to develop my own solution over BBB?

Best regards
Mikaella

[Fred Dixon]

Hi Li,

> ... this someone another may join the conference room with the same username!

We don't represent that BigBlueButton provides a secure collaboration environment.  See

   https://code.google.com/p/bigbluebutton/wiki/FAQ#Can_I_provide_secure_access_to_BigBlueButton

There are ways to make it (much) harder for someone to connect, such as placing the BigBlueButton server on a VPN and requiring users login to the VPN first. 

This has been discussed in the past on the mailing list. I did a quick search and found the following thread

  https://groups.google.com/d/msg/bigbluebutton-setup/cQkR6AIECxY/RC7bTMpjHOwJ

Regards,.. Fred

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.
To post to this group, send email to bigbluebu...@googlegroups.com.
Visit this group at http://groups.google.com/group/bigbluebutton-setup.
For more options, visit https://groups.google.com/d/optout.

--
BigBlueButton Developer

http://bigbluebutton.org/
http://code.google.com/p/bigbluebutton

BigBlueButton on twitter: @bigbluebutton

[Li Ho]

Hi, Fred!

Thank you for the response.

I do not suppose to use any high-level security such as VPN or SSH, only the thing I need is to prevent users with equal usernames from joining a conference simultaneously. OK, I see, there isn't ready-to-use solution for this case :(, I have to develop my own one. Will it be appropriate to publish here the resulting solution, as it'll have been done, for anyone who needs the same thing?

Regards
Mikaella


четверг, 28 августа 2014 г., 23:42:14 UTC+4 пользователь Fred Dixon написал:

[Fred Dixon]

Hi Mikaella,

> ill it be appropriate to publish here the resulting solution, as it'll have been done, for anyone who needs the same thing?

That would be great!

Regards,... Fred

 

--

You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.
To post to this group, send email to bigbluebu...@googlegroups.com.
Visit this group at http://groups.google.com/group/bigbluebutton-setup.
For more options, visit https://groups.google.com/d/optout.

[Chad Pilkey]

If your users are joining with unique usernames then performing a check for uniqueness could work, but if your users are joining with their real name you will run into a case where two people have the same name and your check for uniqueness will result in a false positive. This potential for a false positive means that a solution for all use cases isn't really possible in the core BBB code unfortunately, but it could definitely work in certain cases.

On Thursday, August 28, 2014 4:25:41 PM UTC-4, Fred Dixon wrote:

Hi Mikaella,

> ill it be appropriate to publish here the resulting solution, as it'll have been done, for anyone who needs the same thing?

That would be great!

Regards,... Fred

 

On Thu, Aug 28, 2014 at 4:21 PM, Li Ho <gad...@gmail.com> wrote:

Hi, Fred!

Thank you for the response.

I do not suppose to use any high-level security such as VPN or SSH, only the thing I need is to prevent users with equal usernames from joining a conference simultaneously. OK, I see, there isn't ready-to-use solution for this case :(, I have to develop my own one. Will it be appropriate to publish here the resulting solution, as it'll have been done, for anyone who needs the same thing?

Regards
Mikaella


четверг, 28 августа 2014 г., 23:42:14 UTC+4 пользователь Fred Dixon написал:

Hi Li,

> ... this someone another may join the conference room with the same username!

We don't represent that BigBlueButton provides a secure collaboration environment.  See

   https://code.google.com/p/bigbluebutton/wiki/FAQ#Can_I_provide_secure_access_to_BigBlueButton

There are ways to make it (much) harder for someone to connect, such as placing the BigBlueButton server on a VPN and requiring users login to the VPN first. 

This has been discussed in the past on the mailing list. I did a quick search and found the following thread

  https://groups.google.com/d/msg/bigbluebutton-setup/cQkR6AIECxY/RC7bTMpjHOwJ

Regards,.. Fred

--

You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.

To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-setup+unsub...@googlegroups.com.

To post to this group, send email to bigbluebu...@googlegroups.com.
Visit this group at http://groups.google.com/group/bigbluebutton-setup.
For more options, visit https://groups.google.com/d/optout.

[Felipe Cecagno]

You could try to use the "userID" parameter on join, and make sure that each user in your system has a unique ID. Then on bbb-web you can reject the join if the userID is already connected.

I'm not sure how difficult it would be to implement.

--

   Felipe Cecagno

To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.

[Li Ho]

I think, a CMS integrated with BBB should deal with uniqueness of usernames, using UserID, login, e-mail or other methods of user identification. And, also, the CMS needs to have a full control over the BBB join process to simply avoid joins not allowed but its (and/or real web project's) rules. Now the join process is controlled only by /bigbluebutton/api/join (that doesn't care about usernames' uniqueness at all) and cannot be surely controlled by a CMS. It is the only case I'd like to solve.

пятница, 29 августа 2014 г., 1:11:20 UTC+4 пользователь Chad Pilkey написал:

[Li Ho]

Hi Fred!

I have completed to solution and published it description in BigBlueButton-dev at: https://groups.google.com/d/topic/bigbluebutton-dev/okZg138WnJ4

Regards,
Mikaella

пятница, 29 августа 2014 г., 0:25:41 UTC+4 пользователь Fred Dixon написал: