LDEV-5204 Introduce improved security using hashing

In vanilla Whiteboard a global access token is configured on the server and must be present in all requests made to Whiteboard. It means that anyone can modify any whiteboard ID (wid).

In LAMS we introduce a hash of wid + accesstoken. Users do not know the access token, so they cannot generate the hash for another wid.

The hash is a simple Java hashCode() function, sufficient for this situation.

The hash does not include the author name as it is not present in many use cases.

The hash optionally has a different form: source wid + wid + accesstoken. It is when the copyfromwid parameter is present. In this case the target canvas is using the standard wid and hash, but for the extra call to the source canvas we use the source wid and the modified hash. This modified hash is only usable to copy content from this particular source wid to this particular target wid, so users cannot use the hash to draw on the source canvas.
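The two hash forms described in the commit message, written out as an added example (not code from the LAMS commit or from Whiteboard) so the binding between wid, source wid and hash can be checked. Assumptions: the function names, plain string concatenation in the order the message gives, the hash sent as a decimal string, and the constructed sample values.

```javascript
// Added example. Names, concatenation format and sample values are assumptions.

// Java's String.hashCode(): h = 31*h + c over UTF-16 code units,
// wrapped to a signed 32-bit integer at every step.
function javaHashCode(str) {
  let h = 0;
  for (let i = 0; i < str.length; i++) {
    h = (Math.imul(31, h) + str.charCodeAt(i)) | 0;
  }
  return h;
}

// Standard form: hash of wid + accesstoken, sent with requests for one canvas.
function widHash(wid, accessToken) {
  return String(javaHashCode(wid + accessToken));
}

// Copy form: hash of source wid + wid + accesstoken, sent with copyfromwid.
function copyHash(sourceWid, targetWid, accessToken) {
  return String(javaHashCode(sourceWid + targetWid + accessToken));
}

// Server-side check for a normal request on `wid`.
function mayAccess(wid, hash, accessToken) {
  return typeof wid === "string" && hash === widHash(wid, accessToken);
}

// Server-side check for reading `sourceWid` in order to copy into `targetWid`.
function mayCopy(sourceWid, targetWid, hash, accessToken) {
  return typeof sourceWid === "string" && typeof targetWid === "string" &&
    hash === copyHash(sourceWid, targetWid, accessToken);
}

// Constructed sample values: the token stays on the server, users only see hashes.
const ACCESS_TOKEN = "example-server-token";
const userHash = widHash("wid-100", ACCESS_TOKEN);
const cpHash = copyHash("wid-200", "wid-100", ACCESS_TOKEN);

console.log("own canvas:", mayAccess("wid-100", userHash, ACCESS_TOKEN));
console.log("other canvas, same hash:", mayAccess("wid-200", userHash, ACCESS_TOKEN));
console.log("copy 200 -> 100:", mayCopy("wid-200", "wid-100", cpHash, ACCESS_TOKEN));
console.log("draw on source with copy hash:", mayAccess("wid-200", cpHash, ACCESS_TOKEN));
```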