What is the purpose of the passwords that are set in the conference node?
They seem optional (I no longer fill them up) and are never asks for
Using Drupal as a frontend, the proper authorizations for attendees and moderators are already managed at the node level, so the module could forge anything that please bbb once a user has access to the node.
Proposed fix:
- remove the password settings and make sure never bbb will ask for
or
- indicate they are optional and make them having some useful purpose.

CommentFileSizeAuthor
#9 bbb.module.patch3.52 KBmadxdog
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

jvieille’s picture

Title: Purpose of passwords? » Remove passwords settings
Version: 6.x-1.0-beta1 »
Category: support » task

My guess is that passwords are only there to make bbb happy.
We absolutely do not need them as the meeting node access permissions already control the meeting attendance.
My understanding is that if passwords are not filled up, they are generated randomly.
In any case, the user will never have to fill them up himself.

I suggest removing these items in the node meeting settings

jvieille’s picture

+1

jvieille’s picture

+1

madxdog’s picture

I would like to see better use of the password, not removal.

For instance, BigBlueButton + LDAP integration at a college or university. Authenticated users -- those listed in the LDAP Directory, don't need to know BBB passwords., we can use this module to allow, say, faculty and department coordinators to schedule meetings and classes, faculty to moderate, and students to attend.

But what if a researcher within the institution was to create a meeting and wanted her colleagues from other outside institutions to attend. These people are not listed in university LDAP directory, and thus cannot login. Module administrator could set permissions for anonymous users to attend meetings, but now every John, Moe, and Sally in the universe can join any meeting at the institution. BUT, if the module could require anonymous users to supply a meeting password, then the researcher could send that password to just her invited colleagues, and some semblance of security is preserved.

madxdog’s picture

Version: » 6.x-1.0-beta1

I modified my copy of the module to include an "attend meetings with password" permission, assigned to the anonymous user role. When anonymous user views a meeting node, a message and password textbox appear in the meeting block. If no password is entered, attendance is denied. If password does not patch attendeePW, attendance is denied.

I can provide a patch file if interested

sanduhrs’s picture

A patch would be appreciated.

jvieille’s picture

+1

yzfr1’s picture

I would like the patch file as well.

madxdog’s picture

FileSize
3.52 KB

here is a patch. I created it against the bbb-6.x-1.x-dev release

madxdog’s picture

Version: 6.x-1.0-beta1 » 6.x-1.x-dev