LDEV-5204 Introduce improved security using hashing In vanilla Whiteboard a global access token is configured on server and must be present in all requests made to Whiteboard. It means that anyone can modify any whiteboard ID (wid). In LAMS we introduce a hash of wid + accesstoken. Users do not know access token, so they can not generate the hash for another wid. The hash is simple Java hashCode() function, sufficient for this situation. The hash does not include author name as it is not present in many use cases. The hash optionally has a different form: source wid + wid + accesstoken. It is when copyfromwid parameter is present. In this case the target canvas is using standard wid and hash, but for the extra call to source canvas we use source wid and the modified hash. This modified hash is only usable to copy content from this particular source wid to this particular target wid, so users can not use the hash to draw on the source canvas.
Loading ...