Hello Sebastian, I found a solution. We can have a separate proxy server for serving these "simplified" requests.
Ok, let's keep it out of the releases. -- With best regards / с наилучшими пожеланиями, Alexei Fedotov / Алексей Федотов, http://dataved.ru/ +7 916 562 8095 On Thu, Sep 6, 2012 at 6:50 PM, [email protected] <[email protected] > wrote: > Hi Alexei, > > my idea was to generate an SDK that does the SOAP/REST API calls for the > user. > Your task has several security issues that we will not be able to push > to a public version: > The URL you are talking about would contain the SOAP/REST or even admin > user. > So by simply looking at the URL the user would have all access rights > to the OpenMeetings server. > > It is essantial that the entity that does the SOAP/REST APi call is > NOT the end user that enters the conference room. > That is why all those SOAP API calls are implemented in PHP and not in > JavaScript. You would never give any end user your SOAP/REST API > credentials. > The calls to integrate should always happen from server to server. > > Sebastian > > 2012/9/6 Alexei Fedotov <[email protected]>: > > Hello folks, > > > > I think of Openmeetings marketing. I suggest the following feature which > > serves mostly for marketing purposes. For some special case I want to get > > rid from hash. The secure hash makes things more secure, and more > complex. > > We need some form of lightweight integration people can try themselves. > > > > The suggested interface is the following: > > <iframe src=" > > > http://demo.dataved.ru/openmeetings/?public=1&firstname=UrlEncodedFirstName&lastname= > > UrlEncodedLastName&language=LanguageNumber"></iframe> > > > > It works best with 80 port tunnelling. The simpler URL is, the more > people > > will try it and put into their web sites. We get more users, more testing > > and, maybe, more contributors. > > > > Here is some data I used to come to the feature: > > 1. Monitoring of google search results for "embed videoconference into > your > > web site". > > 2. Jitsi plug-in where I invented special "SOAP proxy" for requesting the > > hash due to very special network configuration our client uses. > > 3. A request from a web portal to embed the web conference. They do not > > embed html5 banners because it is too complex, only swf or gif. > > 4. Discussions with Maxim. > > 5. Most of our clients use one room per server. > > > > DDOS/security problem workarounds: > > the feature is switched off by default, we enable it on demo servers with > > free registration > > the "public" server room has a limited number of users by default, so one > > can expect no more than > > > > Sebastian, folks, > > is it ok to have this feature in the main branch? > > > > -- > > With best regards / с наилучшими пожеланиями, > > Alexei Fedotov / Алексей Федотов, > > http://dataved.ru/ > > +7 916 562 8095 > > > > BTW, at some point we may start using standard language codes instead of > > numbers. > > > > -- > Sebastian Wagner > https://twitter.com/#!/dead_lock > http://www.webbase-design.de > http://www.wagner-sebastian.com > [email protected] >
