Closed GoogleCodeExporter closed 9 years ago
?
you can only login via soap if the user you try to login via soap is of type
Administrator
Original comment by seba.wag...@gmail.com
on 10 Jun 2008 at 7:38
is of type Administrator == Role Administrator
Original comment by seba.wag...@gmail.com
on 10 Jun 2008 at 7:38
Yes! but a user of type administrator could login from login form and I write
in a
file the password of an administrator.
If the user has the role "Soap" and these users can not connect from login
form, with
that login and password is possible do less damages. If somebody hack the
system or
if I give a soap-user to third part.
My opinion
Original comment by err...@gmail.com
on 10 Jun 2008 at 7:46
hm yes but if you got a valid soap account you are indeed able to do a lot of
things
including deleting/add/ manage rooms and files.
And in the future you can even fully manage user-accounts and
register/add/update
users via SOAP. So it is correct if this User is of type Administrator.
I think basically you can add a new type of User-Role Soap and say this user is
can
not login via the web-frontend, but via SOAP, if he can do almost the same as an
Administrator via SOAP, what is the benefit from blocking him in the
Web-Frontend?
Original comment by seba.wag...@gmail.com
on 10 Jun 2008 at 8:09
A solution could be limit the possibility of soap-user.
for example the soap-user should connect only to the authorized room or the
room that
he has created, the same for recording conference.
Original comment by err...@gmail.com
on 10 Jun 2008 at 8:15
the SOAP-Role could be implemented that way, but the System would still allow
Administrator-User Role to do SOAP.
The Role-System would be then:
Administrator
SOAP-User
Moderator
User
so adding the SOAP-Role is an additional Role, but it will be still possible to
do
the same in Administration Role.
Original comment by seba.wag...@gmail.com
on 10 Jun 2008 at 8:24
This is already fixed, there is a user-type "Web-Service Only"
Original comment by seba.wag...@gmail.com
on 5 Sep 2011 at 9:19
Original issue reported on code.google.com by
err...@gmail.com
on 10 Jun 2008 at 7:34