[Solved] Ideas for Jitsi (opinion)

This post was flagged by the community and is temporarily hidden.

If you work in IT you can easily set up your own server and enable the new Lobby feature which allows you to carefully select who you let in and who not.

After you kicked someone, they won’t be able to re-join unless you invite them in.

Yeah, I know but I’m still a noob to this projects and the names and files I have to learn about.
I’m still right though :wink:
I’m running a self-hosted server of jitsi-meet.
Ya know you said (After you kicked someone, they won’t be able to re-join unless you invite them in.) is that implemented now? or do I have to update, also id like to know about this lobby feature

This is what I mean to I am missing important features so yeah id love to see this.

Thanks for telling me :wink:

@MrParadise

You need secure domain setup. See the handbook: https://jitsi.github.io/handbook/docs/devops-guide/secure-domain

You have a theme you nearly all your posts by the way. Review the https://community.jitsi.org/faq

A whitelist (especially without authentication) is not real security.

Lobby room discussed here: Is there a documentation for the lobby feature just arrived

1 Like

I know lol I repeat myself a lot on my posts, I guess it’s because I think no one’s listening :slight_smile:
A whitelist beats a password anyday, after reading all the posts in the security thread it got me thinking or simple methods to code in just until they coded some better methods.

Many thanks for the links i’m learning as I go but because I know what its like making a WebRTC client and have my hacker friend test out my vulnerabilities, I know a lot about attacks and how they can be stopped so I do rattle on about it to much lol

The better method is the one I go on about the most and that’s the ( if banned room is never seen again unless unbanned) i’m surprised they have not done that yet because that’s all you would need, not much else! I don’t get why they haven’t done that? you wouldn’t need a password then or whitelist.

Anyway thanks for taking the time to read and ill check out the links many thanks :slight_smile:

Nice, but if you don’t have authentication, how would you know who to “ban”?
You don’t have an Id, you don’t have a profile, what will you use? You see only the IP of the peer, but that’s not a good thing to filter against, plus by design in the default install it’s meant to be stateless.
The new lobby feature is the best way to protect a stateless platform.

Once again, you have a stateless platform that has no login profiles and IDs, you keep saying the ID-based whitelisting is an option. It’s not - there are no real IDs.

The lobby feature is the best approach that keeps the stateless characteristic while adding an usable control. In fact it can act exactly as a whitelist, a temporary and ad-hoc one. Once again - because you don’t have IDs, logins and profiles. If you have your own install with enabled authentication - then of course you can have control, but we’re talking about the default platform configuration.

And I’m sorry you had to use Windows, I really am, and I know windows restricts your options in every way, but I don’t see how this is related.

1 Like

Well I am going to use the fail2ban method and make it so the rooms can only be created by me.
Im guessing you’re a linux lover lol by your comments about windows but I could do more with simple WebRTC and ASP.net server side when it came to security so windows was good for me, most other clients I did was on Linux though so yes it just depends on what your good at in the end :slight_smile: I been doing it since yahoo closed in 2007 lol

I am interested in this lobby you go on about if its close to what im saying about the whitelist i’d be very happy to be pointed in the right direction for that if you’d be so kind :slight_smile:

Many thanks.