Hi, I tried to make an interface with lib-jitsi-meet and it works great.
Yes, I’m worried about something like this:
A view-only user, once in a conference room, can only watch and listen as a viewer, but he(she) joined as a member of the Jitsi meeting, not as a live stream forwarded by Jibri.
If the observer(viewer) is familiar with the lib-jitsi-meet call function, would it be possible to disable(close) the meeting using F12 debugging?
How can I prevent this from happening?
The conference itself has a password, but the viewer enters through this password. So, I guess he had the authority to do that.
I don’t think you can prevent that easily. The meeting runs the JS code in the user machine, so you can’t prevent them from doing dumb things.
Perhaps officials should consider this, as Jitsi meetings can be used by hundreds of people in one meeting. Some people can easily hang up a meeting with JS code, or do something else, which would be very insecure.
That only disrupts their meeting, not everyone else’s. If they want to hangup and leave they are free to do so. There are no security implications, so I’m not sure why think this is insecure.
There are so many things others can do with libjs, including kicking someone off, transferring moderator privileges, muting someone, etc. All permissions are available.
Only if you are already a moderator. If you are not, you cannot do those.
kickParticipant ，There is no write permission requirement
Need to be added to the docs. PR is welcome.
If you try it out from non moderator participant you will see an error in the console and nothing will happen. All those are handled server side.