Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
What is the purpose of the passwords that are set in the conference node?
They seem optional (I no longer fill them up) and are never asks for
Using Drupal as a frontend, the proper authorizations for attendees and moderators are already managed at the node level, so the module could forge anything that please bbb once a user has access to the node.
Proposed fix:
- remove the password settings and make sure never bbb will ask for
or
- indicate they are optional and make them having some useful purpose.
Comment | File | Size | Author |
---|---|---|---|
#9 | bbb.module.patch | 3.52 KB | madxdog |
Comments
Comment #1
jvieille CreditAttribution: jvieille commentedMy guess is that passwords are only there to make bbb happy.
We absolutely do not need them as the meeting node access permissions already control the meeting attendance.
My understanding is that if passwords are not filled up, they are generated randomly.
In any case, the user will never have to fill them up himself.
I suggest removing these items in the node meeting settings
Comment #2
jvieille CreditAttribution: jvieille commented+1
Comment #3
jvieille CreditAttribution: jvieille commented+1
Comment #4
madxdog CreditAttribution: madxdog commentedI would like to see better use of the password, not removal.
For instance, BigBlueButton + LDAP integration at a college or university. Authenticated users -- those listed in the LDAP Directory, don't need to know BBB passwords., we can use this module to allow, say, faculty and department coordinators to schedule meetings and classes, faculty to moderate, and students to attend.
But what if a researcher within the institution was to create a meeting and wanted her colleagues from other outside institutions to attend. These people are not listed in university LDAP directory, and thus cannot login. Module administrator could set permissions for anonymous users to attend meetings, but now every John, Moe, and Sally in the universe can join any meeting at the institution. BUT, if the module could require anonymous users to supply a meeting password, then the researcher could send that password to just her invited colleagues, and some semblance of security is preserved.
Comment #5
madxdog CreditAttribution: madxdog commentedI modified my copy of the module to include an "attend meetings with password" permission, assigned to the anonymous user role. When anonymous user views a meeting node, a message and password textbox appear in the meeting block. If no password is entered, attendance is denied. If password does not patch attendeePW, attendance is denied.
I can provide a patch file if interested
Comment #6
sanduhrsA patch would be appreciated.
Comment #7
jvieille CreditAttribution: jvieille commented+1
Comment #8
yzfr1 CreditAttribution: yzfr1 commentedI would like the patch file as well.
Comment #9
madxdog CreditAttribution: madxdog commentedhere is a patch. I created it against the bbb-6.x-1.x-dev release
Comment #10
madxdog CreditAttribution: madxdog commented