You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
the option to set a password in the jitsy mod configuration is good. Thank you.
I suggest, that this should not be a password, but a salt for passwords only.
Maybe the flow could be like this: If no jitsi_password is set, no password should be set (as default). But if jitsi_password holds a value, this should be used as salt to generate a password.
I suggest the password for a session is
the left five characters of the hash of (jitsi_password + session name)
Of course, it could be more than 5 characters - maybe the length of the salt? - but this procedure would enable individual passwords for all activities. This can be important, when the mod is used in a moodle installation with many jitsy-activities.
With only the standard passwort in jitsi_password it's much easer to join a session that one is not supposed to access.
To accomplish such behavior, these changes would do:
in session.php
change echo " api.executeCommand('password', '".$CFG->jitsi_password."');";
to echo " api.executeCommand('password', '". substr(md5($CFG->jitsi_password.urlencode($sessionnorm)),0,5) ."');";
and echo " api.executeCommand('password', '".$CFG->jitsi_password."');";
to echo " api.executeCommand('password', '". substr(md5($CFG->jitsi_password.urlencode($sessionnorm)),0,5) ."');";
Olaf
The text was updated successfully, but these errors were encountered:
Hi,
the option to set a password in the jitsy mod configuration is good. Thank you.
I suggest, that this should not be a password, but a salt for passwords only.
Maybe the flow could be like this: If no jitsi_password is set, no password should be set (as default). But if jitsi_password holds a value, this should be used as salt to generate a password.
I suggest the password for a session is
the left five characters of the hash of (jitsi_password + session name)
Of course, it could be more than 5 characters - maybe the length of the salt? - but this procedure would enable individual passwords for all activities. This can be important, when the mod is used in a moodle installation with many jitsy-activities.
With only the standard passwort in jitsi_password it's much easer to join a session that one is not supposed to access.
To accomplish such behavior, these changes would do:
in session.php
change
echo " api.executeCommand('password', '".$CFG->jitsi_password."');";to
echo " api.executeCommand('password', '". substr(md5($CFG->jitsi_password.urlencode($sessionnorm)),0,5) ."');";and
echo " api.executeCommand('password', '".$CFG->jitsi_password."');";to
echo " api.executeCommand('password', '". substr(md5($CFG->jitsi_password.urlencode($sessionnorm)),0,5) ."');";Olaf
The text was updated successfully, but these errors were encountered: