Hi all, I have installed and configured Openfire 4.0.2 with Openfire meetings plugin version 0.3.15 and i also integrated it with AD, after creating focus user in AD etc…
Everything is working fine and I wanted to thank you all that had contributed on making this great piece of software possible.
That said I found some issues that I would like to solve. But i will need some help from you.
Issues are:
1.- I want to avoid anonymous users to be able to create meeting rooms.
2.- When i get prompted about user/password on ofmeet web interface if i give openfire admin user but a wrong password then i am granted access to the site. (this seems to me like a great security issue)
But I can’t find how to do that could you please lend me a hand on this?
Q2 Are you sure that you are not reusing the cached credentials. Close the browser session completely including the icon on the system tray and try a new login.
When login in a new PC the behavior is fine as i told you before.
But when login in a PC where the admin has already been loged previously (even if I close the session and close the systray icon) a person can get access to the website only knowing the username since once i get asked for user password puting there the admin user and a wrong password im allowed access to the webpage and even to create any room i want (since this user has room creation privileges).
Maybe It’s something I’m doing wrong? or is it a bug?
I have done some some tests and reproduced your described behaviour. From what I have read so far, the last successful credentials are cached and reused by the chrome web browser ignoring whatever you put in the password field. Restarting chrome does not make a difference.
I am still trying to find out how to reset the cache.
Hi Dele. Thanks for taking time to test it. Seems to me like a big security issue dont know why chrome keeps caching user credentials if I havent been asked to save them.
Firefox is far more secure browser could you give me some info on a plugin for Firefox? Is there any plugin out there I can use? or any development started that I can help with?