suggestion: always show (blank) security parameters in private sessions

Question

suggestion: always show (blank) security parameters in private sessions

Opened this issue 4 years ago · 2 comments

Hi,

just a suggestion:
Maybe in private sessions the user should always be able to set the security parameters himself: When I as admin disable jitsi_securitybutton, the user has no way to set anything. In private sessions probably a) the "domain" passwort set by the admin should not be shown b) the user should be able to set one.

Olaf

Answer 1 · 2021-02-10T11:40:55.000Z

Hi,

quick fix
Open file sessionpriv.php
change
$security = ''; if ($CFG->jitsi_securitybutton == 1) { $security = 'security'; }

to
$security = 'security';

Of course using a setting of this mod would be nicer.
Olaf

Answer 2 · 2021-02-10T11:49:21.000Z

Hi,

to prevent showing the domain jitsy password, the admin set, we can fix this by changing two lines in sessionpriv.php
change
echo " api.executeCommand('password', '".$CFG->jitsi_password."');";
to
echo " api.executeCommand('password', '".time()."');";
and change
echo " api.executeCommand('password', '".$CFG->jitsi_password."');";
to
echo " api.executeCommand('password', '".time()."');";

Which will return a timestamp as password, making sure probably noone will accidently enter the session, but the passwort can easily be transferred to someone else.
Olaf