I've decided to start a separate discussion about OM security. Below is my response to ivan.bolzer. In http://code.google.com/p/openmeetings/issues/detail?id=741 he asked for a way to prevent deletion of uploaded files: everybody can delete a file from the server.
----------------

I believe OpenMeetings is targeted at a friendly auditorium. In 99% of the meetings that occur, all participants respect each other and won't do such wicked things as intentional file deletion, shouting into the microphone, etc. If another user has deleted some document by mistake, it's not a problem. The original of the document is on the speaker's computer, so he/she can upload it again.

Once more, OpenMeetings is currently for a friendly environment. You're absolutely right that it lacks defense against an aggressive environment. I think we should talk over further development in the security direction. I see a number of things that should be improved:

- Any user can delete any file from the server
- Any user can disturb all other users, transmit noise, etc.; a moderator cannot even mute him
- Only an administrator can kick users, but a moderator is not necessarily an administrator
- Any user can log in as many times as he wants using just one account
- The registration process doesn't support any kind of defence against bot registrations
- The same concerning authorization
- Anyone can send spam using invitations and the meeting schedule. All the letters will be sent by the OM server
- If a user changes the resolution of his own image and presses "Reload", the traffic increases. So this is a way to bring the server down. If several users increase the resolution of all the windows (their own as well as other participants'), the traffic (both incoming and outgoing for the server) increases dramatically.
- No check for the real server bandwidth. If the traffic exceeds the bandwidth, the lag makes OM useless.
- Everyone can make a lot of spots during presentations. Though they disappear quickly, 10-20 or even 30 spots can really disturb everyone.
- Though it is not the business of the OM server, banning by IP from inside OM may be useful

I guess one can add more OM security holes to this list. So I encourage everybody to enrich the list (and fix the problems).