vincentfretin
commented
2 years ago I actually merged that in master. I'll revert the commit on master and enable again the subscribe message with proper security when I'll have the use case for it.
Closed vincentfretin closed 2 years ago
vincentfretin
commented
2 years ago I actually merged that in master. I'll revert the commit on master and enable again the subscribe message with proper security when I'll have the use case for it.
Don't handle subscribe message until we change the API to secure it with JWT. This API is not used currently by naf-janus-adapter, but this can still be used for eavesdropping if the UserId of a participant in a room can be easily known (not a random clientId), see my example https://github.com/mozilla/janus-plugin-sfu/pull/81#issuecomment-822468168
This is a temporary PR for those using JWT to secure their rooms. I won't merge this. I'll close this PR once I work on: