Update failed, uninstall and new install works!
Marcel C
Posts
-
participants have to authenticate even with user_auth: false -
New Wordpress version solved vulnerability6.5.2 is out since yesterday with a solution for: https://www.wordfence.com/blog/2024/04/unauthenticated-stored-cross-site-scripting-vulnerability-patched-in-wordpress-core/
-
participants have to authenticate even with user_auth: falseI was very hopeful but it still doesn’t work as expected, the participant still needs to login while the host is online and waiting. Tested in Safari iPadOS and Safari iOS.
-
participants have to authenticate even with user_auth: falseThis setting:
host: { protected: true, user_auth: false,
should make it possible to start as host an authenticated video conference and ANY participant that has the URL can join without authentication.
According to the docs it is done by storing the IP of the host (who started the video conference)…..
-
participants have to authenticate even with user_auth: false@imc67 said in participants have to authenticate even with user_auth: false:
@nebulon on this page https://docs.mirotalk.com/mirotalk-sfu/host-protection/ it says:
Host Protection Logic:
If host.protected is set to true, the following logic applies:
- Host login with username and password is required.
- Upon successful login, the IP is saved as a valid authentication IP.
- After authentication, the host can create a room, join a room, and share the room link.
- All guests can join until the host logs out.
- When the host leaves the room or exits the browser, their IP is removed from valid auth IPs to prevent unauthorized access.
- To access it again, the host needs to provide a username and password.
- If host.user_auth is set to true, additional authentication is required.
@nebulon can it be that the app doesn’t use the host’s IP but the container “internal” IP like some apps do sometimes keeps asking for authentication?
-
participants have to authenticate even with user_auth: false@nebulon on this page https://docs.mirotalk.com/mirotalk-sfu/host-protection/ it says:
Host Protection Logic:
If host.protected is set to true, the following logic applies:
- Host login with username and password is required.
- Upon successful login, the IP is saved as a valid authentication IP.
- After authentication, the host can create a room, join a room, and share the room link.
- All guests can join until the host logs out.
- When the host leaves the room or exits the browser, their IP is removed from valid auth IPs to prevent unauthorized access.
- To access it again, the host needs to provide a username and password.
- If host.user_auth is set to true, additional authentication is required.
-
participants have to authenticate even with user_auth: false@avatar1024 said in participants have to authenticate even with user_auth: false:
@MiroTalk said in participants have to authenticate even with user_auth: false:
I will verify this as it is not the expected behavior.
Have you been able to reproduce this? Or any clues what the problem might be?
Many thanks
@MiroTalk With the latest stable version 1.4.14 the logic still doesn't work as expected, the setting below makes also the participants to have a username / password:
host: { protected: true, user_auth: false,
-
netdata - real-time monitoring@girish I think a good instruction will do
-
What's coming in 7.7Only persons with a double first name it becomes:
Marie Therese van der Steen tot Oberndorff
First name: Marie
Lastname: Therese van der Steen tot Oberndorff -
What's coming in 7.7@girish I hadn’t checked but indeed it works with a new Cloudron user in Wordpress!
Thanks!!
-
What's coming in 7.7@girish this was noticed and discussed more than a year ago … https://forum.cloudron.io/topic/8345/cloudron-ldap-middle-name-not-correctly-propagated
-
participants have to authenticate even with user_auth: falsesame issue here, I would like to have only a username/password to be able to start a session and all the invited participants can use it immediately. Better would be OIDC or LDAP support because usernames and passwords stored in config files is sooo .......
-
Any issues with including NetData on the root server and as an app add-on?@nebulon https://forum.cloudron.io/post/85552
as far as I know the agents have a GUI unsecured, but when installing on Cloudron you can App proxy them to secure. Then you can default "connect" them to the Netdata Cloud or change the config to "connect" them to your own central Agent that is "collecting" the data streams from itself and the connected agents.
-
netdata - real-time monitoring@girish I still use Netdata installed on all three Cloudron servers + 3 RPI's.
On Cloudron I access them via AppProxy so they are secured. Then all the Agents are currently connected to the Netdata Cloud and I can see them all in one dashboard.
I don't know what Enterprise Agent is?
As far as I know agents are streaming data to the local webGUI or to the Netdata Cloud GUI.
-
8G Firewall - Wordpress - Can we use this for the Cloudron Wordpress?I use the 7G version already for a year on all the Wordpress and LAMP websites and it just seems to work, no issue found. Yesterday I discovered also the new version 8G and planning to test/use it soon.
-
Wordpress apps: authldap plugin removed from repositoryAs of the 7th of March the “mandatory/ default” plugin authldap is removed from the Wordpress.org plugin repository.
This plugin has been closed as of March 7, 2024 and is not available for download. This closure is temporary, pending a full review.
On GitHub and Wordfence you can see there was a long time security issue that the developer didn’t want to solve.
Maybe time to switch to Cloudron’s Oauth?
-
Serious OIDC EspoCRM issues!In a privacy tab of the browser I log into EspoCRM with OIDC and then log out from EspoCRM. You then see the log in OIDC button, when you press that you’re immediately logged in again without any credentials.
I can reproduce it in Safari and Firefox in MacOS and Safari in iOS.
-
What's coming in 7.7Don’t forget the patch for https://forum.cloudron.io/post/81829
-
Since last update: error in NextcloudI can say that since the 'flag' was set, after 5 days there were no such errors anymore!
-
Serious OIDC EspoCRM issues!After 3 weeks and 3 updates waiting I decided to update again and instruct the users.
@girish there is still the issue of not being able to log out. This is also a security issue when users are sharing a PC (and that happens quite often in a small office). This issue is generic for all OIDC apps and thus a security issue for all those apps ... what do you think?