server-backend.js

LDEV-5204 Introduce improved security using hashing

In vanilla Whiteboard a global access token is configured on the server and
must be present in all requests made to Whiteboard. It means that anyone
can modify any whiteboard ID (wid).

In LAMS we introduce a hash of wid + accesstoken. Users do not know the
access token, so they cannot generate the hash for another wid.

The hash is a simple Java hashCode() function, sufficient for this
situation.

The hash does not include author name as it is not present in many use
cases.

The hash optionally has a different form: source wid + wid +
accesstoken. This is when the copyfromwid parameter is present. In this case
the target canvas is using standard wid and hash, but for the extra call
to source canvas we use source wid and the modified hash. This modified
hash is only usable to copy content from this particular source wid to
this particular target wid, so users cannot use the hash to draw on the
source canvas.

    • -0
    • +403
    ./server-backend.js
  1. … 9 more files in changeset.
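
The two hash forms described in the commit message, as an added example that is not code from this changeset or from LAMS. It assumes plain string concatenation in the order the message gives, uses hypothetical function names and constructed sample values, and places a keyed HMAC-SHA256 variant of the same check beside the 32-bit, non-cryptographic hashCode() for comparison.

```javascript
// Added example, not LAMS code. Concatenation order and all names are assumptions.
const crypto = require('node:crypto');

// Java's String.hashCode(): h = 31*h + codeUnit, wrapped to a signed 32-bit int.
function javaHashCode(s) {
  let h = 0;
  for (let i = 0; i < s.length; i++) {
    h = (Math.imul(31, h) + s.charCodeAt(i)) | 0;
  }
  return h;
}

// Standard form from the commit message: hash of wid + accesstoken.
function drawHash(wid, accessToken) {
  return javaHashCode(wid + accessToken);
}

// copyfromwid form: hash of source wid + wid + accesstoken.
function copyHash(sourceWid, wid, accessToken) {
  return javaHashCode(sourceWid + wid + accessToken);
}

// Keyed variant for comparison: HMAC-SHA256 over an unambiguous encoding
// of the fields, with the access token as the key.
function hmacTag(accessToken, fields) {
  return crypto.createHmac('sha256', accessToken)
    .update(JSON.stringify(fields)).digest('hex');
}

// Constant-time comparison of a presented tag with the expected one.
function tagMatches(presented, expected) {
  const a = Buffer.from(String(presented));
  const b = Buffer.from(String(expected));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed sample values.
const TOKEN = 'example-access-token';
const copy = copyHash('lesson-7', 'lesson-42', TOKEN);
console.log('draw hash for target:', drawHash('lesson-42', TOKEN));
console.log('copy hash accepted as draw hash on source:',
  copy === drawHash('lesson-7', TOKEN));
console.log('HMAC draw tag:', hmacTag(TOKEN, ['draw', 'lesson-42']));
```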