Hi, I tried to make an interface with lib-jitsi-meet and it works great.
Yes, I’m worried about something like this:
A view-only user, once in a conference room, can only watch and listen as a viewer, but he (she) joined as a member of the Jitsi meeting, not as a live stream forwarded by Jibri.
If the observer (viewer) is familiar with the lib-jitsi-meet call function, would it be possible to disable (close) the meeting using F12 debugging?
How can I prevent this from happening?
The conference itself has a password, but the viewer enters through this password. So, I guess he had the authority to do that.
Perhaps officials should consider this, as Jitsi meetings can be used by hundreds of people in one meeting. Some people can easily hang up a meeting with JS code, or do something else, which would be very insecure.
That only disrupts their meeting, not everyone else’s. If they want to hang up and leave they are free to do so. There are no security implications, so I’m not sure why you think this is insecure.
There are so many things others can do with libjs, including kicking someone off, transferring moderator privileges, muting someone, etc. All permissions are available.
Need to be added to the docs. PR is welcome.
If you try it out from a non-moderator participant you will see an error in the console and nothing will happen. All those are handled server side.
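
A minimal model of the server-side check described in the last reply, added here as an illustration and not taken from Jitsi, Prosody or lib-jitsi-meet. The `Room` class, the action names and the error strings are hypothetical; the point is that the decision uses the role the server recorded at join time, so a request crafted in the browser console by a non-moderator is rejected.

```javascript
// Simplified model of server-side authorization for room actions.
// All names are hypothetical; this is not Jitsi or Prosody code.
const MODERATOR_ONLY = new Set(['kick', 'mute', 'grantModerator']);

class Room {
  constructor() {
    this.roles = new Map(); // participant id -> 'moderator' | 'participant'
    this.muted = new Set();
  }
  join(id, role = 'participant') { this.roles.set(id, role); }

  // Every request is checked against the role stored by the server.
  // Anything the client claims about its own role is ignored.
  handle(senderId, request) {
    const role = this.roles.get(senderId);
    if (!role) return { ok: false, error: 'not-in-room' };
    const { action, target } = request;
    if (action === 'leave') { // affects only the sender
      this.roles.delete(senderId);
      return { ok: true };
    }
    if (!MODERATOR_ONLY.has(action)) return { ok: false, error: 'bad-request' };
    if (role !== 'moderator') return { ok: false, error: 'not-allowed' };
    if (!this.roles.has(target)) return { ok: false, error: 'item-not-found' };
    if (action === 'kick') this.roles.delete(target);
    if (action === 'mute') this.muted.add(target);
    if (action === 'grantModerator') this.roles.set(target, 'moderator');
    return { ok: true };
  }
}

// Constructed scenario: one moderator, one guest, one viewer with a tampered client.
function demo() {
  const room = new Room();
  room.join('host', 'moderator');
  room.join('viewer');
  room.join('guest');
  const results = [
    room.handle('viewer', { action: 'kick', target: 'host', role: 'moderator' }),
    room.handle('viewer', { action: 'grantModerator', target: 'viewer' }),
    room.handle('viewer', { action: 'leave' }),
    room.handle('host', { action: 'mute', target: 'guest' }),
  ];
  return { results, members: [...room.roles.keys()], muted: [...room.muted] };
}
```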