hi
can the user changes javascript file with inspect element and run it?
for example the user can publish video but cant publish audio
can he changes the javascript file with inspect element and publish audio?
i take tokens with php so the users cant see the password.
tanks
You shouldn’t allow that everyone could see the OpenVidu secret.
To securieze your app, you should include your credentials in your backend.
yes i do it
i mean
can user change javascript file
for example the user can publish audio but cant publish video
can the user publish video after change javascript file
Yes. The protection you have is given by the user Role. Checkout role definitions in OpenVidu Node Client reference docs: https://docs.openvidu.io/en/2.15.0/api/openvidu-node-client/enums/openvidurole.html
So you can assign to each user whether they are a SUBSCRIBER, a PUBLISHER or a MODERATOR. But that only defines what openvidu-browser methods are they allowed to call. For example, a hacker with SUBSCRIBER role could modify the JS code to call Session.publish, but that call will be rejected in openvidu-server. Same for MODERATOR-only methods.
But this does not include publishing audio or video. If you are worried about some user hacking your system to also publish video when he should only be able to publish audio, you can of course control what the rest of users play ar their end. Event if your user publishes video, you can control whether the rest of users reproduce only the audio track.
2 Likes