Problem in "Files User"

[GoogleCodeExporter]

Which version of OpenMeetings are you running?
0.8RC2

What's your operating system on client and server side?
Server : linux; Client : Windows

Hi,

I think there is one bug, it concerns "Files user"...
The moderator and another user in the conference could import documents,
that's ok.
But the simple user could remove document and move page in his whiteboard. 
For the first, I think the simple user could not remove document because
it's removed
for moderator to !!! so he is necessary to import again !
For the second, the simple user could change page on document, that's good
but the
problem is that change on the whiteboard of the moderator.
I think the user could change page but if it changes,  it must not affect the
moderator...
Peharps another solution will be to implement another whiteboard: for
example the
first would be share and the second, personnal.

What do you think ?

Thanks

Bidab

Original issue reported on code.google.com by ivan.bol...@gmail.com on 20 May 2009 at 7:59

[GoogleCodeExporter]

I think users should download documents for their personal use to their 
computers,
thus there is no need to implement a personal whiteboard.

As for whiteboard updates, I believe uploads or deleting of files should be 
managed
by the same security scheme, as whiteboard drawings. 

Original comment by alexei.f...@gmail.com on 9 Jun 2009 at 4:29

[GoogleCodeExporter]

Hi,

OK, In my comment I speak about another problem....

Moderator and simple user could import and dowload files, that's great.
BUT simple user could DELETE files too, I think it's a very important problem.
Moderator prepares his conference and "hop", simple user delete all files...not
really good...

What do you think about this ?

Bidab

Original comment by ivan.bol...@gmail.com on 12 Jun 2009 at 8:55

[GoogleCodeExporter]

Ivan,
All,

I believe, Openmetings is targeted to a friendly auditorium. In 99% of the 
meetings 
occurred all participants respect each other and won't be doing such wicked 
things 
like intentional file deletion, shouting at the microphone etc.

If another user has deleted some document by mistake, it's not a problem. The 
origin 
of the document is in speaker's computer, so he/she can upload it again.

Once more, the Openmeetings is now for friendly environment. You're absolutely 
right 
that it lack for defense against aggressive environment. I think, we should 
talk over 
the further development in the security direction.

I see a number of things that should be improved:
- Any user can delete any file from the server
- Any user can disturb all other users, transmit a noise etc., a moderator 
cannot 
even mute him
- Only an administrator can kick off users, but a moderator is not obligatory 
an 
administrator
- Any user can login as many times as he wants using just one account
- A registration process doesn't support any kind of defence against bot 
registrations
- The same concerning authorization
- Anyone can send spam using invitations and meeting schedule. All the letters 
will 
be sent by OM server
- If a user changes a resolution of his own image and presses "Reload", the 
traffic 
increases. So this is the way to go the server down. If several users increase 
a 
resolution of all the windows (their own as well as other participant's), the 
traffic 
(both ingoing and outgoing for server) increases dramatically.
- No check for the real server bandwidth. If a traffic overcomes the bandwidth, 
a lag 
makes the OM useless.
- Everyone can make a lot of spots during the presentations. Though they 
disappear 
quickly, 10-20 or even 30 spots can really disturb everyone.
- Though it not the business of OM server, banning by IP from inside the OM may 
be 
useful

I guess one can add more OM security holes to this list. So I encourage 
everybody 
enrich the list on (and fix the problems).

Original comment by e.rovin...@gmail.com on 13 Jun 2009 at 11:14

[GoogleCodeExporter]

I think we can close this. 
There is now a 3. Roomtype called restriced where users cannot see or upload any
document.

Original comment by seba.wag...@gmail.com on 17 Nov 2009 at 8:50

• Changed state: Review