Data Protection Issue: Recordings are public #8870
Comments
|
This is a very important issue for us as we currently cannot record any internal or otherwise confidential meetings. I could also imagine that there could be problems with the GPDR. Would it be hard to implement an additional secret (analogous to the one for protecting the conferences themselves) in the BBB-API so that Greenlight, Moodle etc. could use it to handle access control to the recordings? |
|
I want to join this feature request. It is also possible to use brute force method to guess the meeting ID, so anyone could play a meeting. It is only a question of time to be known for anyone and it would create a zoom-like data protection issue... :-( |
|
This is related to #8505 |
|
I faced the same problem in my infrastructure and solved it by adding an internal auth mechanism and more finegrained control to the publish state set by greenlight, see here: https://github.com/ichdasich/bbb-rec-perm |
|
Merging with #8505. |
Describe the bug
If you record a meeting in BBB, it is linked in Moodle or Greenlight.
If you then click on "Presentation", the video playback opens. This URL could be copied and sent. The recipient can view them without the need for authentication.
Just like here:
https://yourserver.com/playback/presentation/2.0/playback.html?meetingId=2f66cfc0caa8191a31d4ee9b2ad47a25axxx-158514xxx
Very few will probably do this, but this is critical from a data protection point of view.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Recorded videos should only be opened with authentification.
Actual behavior
Everybody can watch a video via the playback URL.
The text was updated successfully, but these errors were encountered: