Blackboard Collaborate

I’ve just been working on a site that integrates with Blackboard Collaborate. I just thought I would say something about it here, as when I looked for information from a developer’s point of view there wasn’t a lot online.

What Blackboard Collaborate is

It’s a conferencing solution where you can voice/video chat, share a desktop and a whiteboard, divide members of a meeting into rooms, have sub-meetings, etc. So like a conferencing solution. It’s probably easiest to actually try it out rather than have me describe it. They have a testing/configuration room here.

If you’re interested, you can sign up for a demo via their site that gives you your own room you can play with and invite delegates to.

The Good

  • You get video and voice sharing sessions that aren’t affected by web browsers. It’s all written in Java and you launch via a Java Web Start file. So in theory you shouldn’t have to install software on anyone’s machine.
  • It’s meant to be quite undemanding on the specification of client machines and the quality of the internet connection.
  • You can be hosted on their servers so you don’t have to deal with hosting software on your own machines.
  • They have an API so you can set up sessions remotely and add attendees and moderators/leaders, and give each attendee a URL to log in directly with no passwords/usernames.
  • Because they have an API you should be able to integrate with it via your programming language of choice as long as you can use SOAP. I guess in theory it would be easiest to use Java, but I used PHP and it was fine.
  • You do get a contact who you can ask questions directly.

The Bad

  • Cost – I’m not sure how much exactly (the client is paying but they said a lot). On the other hand, Adobe Connect is more.
  • Location – their servers seem to be based in North America so it can be slower if you’re outside of the US. It seems most of their clients are based in North and South America, but that might just be my perception. That can make their maintenance times our UK morning, and their people start work at our lunchtime.
  • If you search online there isn’t a great deal of experience online dealing with their API. On the other hand, they do provide you with good PDF documentation of the API and requests once you have signed up.
  • It uses Java, and downloading the Java Web Start file can confuse people; it’s not a massively common file type. The thing is to always open/run the ‘meeting.jnlp’ file.

Notes for other developers

These are some of the things that threw me a little.

  • You want to be using a 64-bit OS to develop on, as they specify session start times with a specificity that goes beyond what you can achieve on 32-bit. If you use a 32-bit OS, all your session start times appear in the past to their server as they get truncated.
  • The information they give you to log in to the web control interface is different from that which you need to use to access the API.
  • The .wsdl file isn’t available at all on the live server. On their test server it is. When they say to cache the WSDL file they don’t mean temporarily. Grab it from their test server and then use that local copy permanently.
  • In their web interface you need to have Java enabled in your browser or you end up with some blank admin web pages, which was a bit confusing until I viewed source.

The alternatives

I don’t know a lot about the alternatives; my client only investigated Adobe Connect and Blackboard Collaborate. I’d be interested if anybody does know of an alternative. It seems that Elluminate, which got taken over by Blackboard and became Blackboard Collaborate, had fans.

Web Application Security Checklist

I’ve been assessing the vulnerabilities of a site I’m building at the moment and trying to come up with a list of potential vulnerabilities so that I can check that I’ve dealt with them all. This is where I’ve got to so far; please point out any you think I’ve missed.

Errors

  • errors aren’t displayed, other than a generic ‘we just had an error’ message if really necessary, not the details
  • errors are logged
  • if logged to files those files aren’t accessible by visitors

Only public viewable files are visible

  • access to any non-public folders is restricted
  • includes, class definitions, settings files etc.
  • if you were to try to access them they would act like a resource that doesn’t exist

Parameter filtering

  • input isn’t trusted
  • input is filtered, escaped etc
  • output is escaped

SQL injection

  • query params are quoted or bound, dealt with according to your database
  • the security of access to the database itself
  • database users
  • database server access

Vulnerabilities of software included

Any ready-made systems and libraries used in the site are at the latest version, and they don’t publish what version they are at. This includes language and server software versions, e.g. say ruby, don’t say ruby 1.9.

Cross site scripting

Origin of requests

  • where the origin of requests should be the site itself, make sure it is.

Brute force

  • login points throttle repeated requests in order to slow down dictionary attacks
  • log repeated login attempts by IP and user agent
  • block abusers according to blocking policy
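
The three checks above as one small throttle, given here as an added example that is not code from the site being described. The class name, the policy numbers and the choice to count failures per IP are assumptions; state is held in memory for brevity.

```python
import logging

log = logging.getLogger("login")

# Assumed policy values, not taken from the page.
WINDOW = 900         # seconds over which failures are counted
MAX_FAILURES = 5     # failures within WINDOW that trigger a block
BLOCK_FOR = 3600     # seconds a blocked IP stays blocked
BASE_DELAY = 1.0     # wait after the first failure; doubles with each further one


class LoginThrottle:
    def __init__(self):
        self.failures = {}        # ip -> timestamps of recent failed logins
        self.blocked_until = {}   # ip -> time at which the block expires

    def _recent(self, ip, now):
        """Drop failures older than WINDOW and return the ones that remain."""
        recent = [t for t in self.failures.get(ip, []) if now - t < WINDOW]
        if recent:
            self.failures[ip] = recent
        else:
            self.failures.pop(ip, None)
        return recent

    def check(self, ip, now):
        """Call before verifying credentials. Returns (allowed, seconds_to_wait)."""
        until = self.blocked_until.get(ip, 0)
        if until > now:
            return False, until - now
        recent = self._recent(ip, now)
        if not recent:
            return True, 0.0
        # Exponential back-off: 1s, 2s, 4s, ... measured from the last failure.
        wait = recent[-1] + BASE_DELAY * 2 ** (len(recent) - 1) - now
        return wait <= 0, max(wait, 0.0)

    def record_failure(self, ip, user_agent, now):
        """Log the failed attempt and apply the blocking policy."""
        recent = self._recent(ip, now) + [now]
        self.failures[ip] = recent
        # Counted per IP so that rotating the User-Agent does not reset the
        # count; the user agent is still logged for later review.
        log.warning("failed login ip=%s ua=%r count=%d", ip, user_agent, len(recent))
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[ip] = now + BLOCK_FOR
            log.warning("blocking ip=%s for %ds", ip, BLOCK_FOR)
```

In a multi-process deployment the two dictionaries would need to live in a shared store so every worker sees the same counts.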

Passwords

  • passwords are non dictionary words and of adequate length and variety of case and character
  • passwords are stored encrypted in a way that makes decrypting them awkward if they were ever accessed.

Spam

  • all public forms have some form of captcha device
  • all public email addresses are obscured in some way

File system access

  • FTP, SFTP, SSH users
  • file permissions are correct

Access with curl and other more bot-like access paths mirrors that of a normal browser-based viewer, or is more restricted.

Login

  • unsuccessful logins and successful logins are logged.

Monitoring of access and file modification times to check files haven’t been modified when they shouldn’t have been by something other than an authorised source.

Well, that is my first attempt. I guess I can always add to it as I think of new issues and read more. Hopefully without getting too paranoid.

Symfony

Jakub Zalas gave a talk at PHP London last night about Symfony components.
Not something I knew much about, so it was interesting to hear about. The YAML component sounds good and the Event Dispatcher component seemed like it might be useful too. They also have a Finder that allows you to find files and directories. I’m not sure what I’d use it for (but I’m sure it would come in useful somewhere).
You can use the components independently of the framework. Jakub said the community is very good and the documentation is being expanded quite fast; what I’ve seen looks quite good.

Oh and the components have nice logo pictures so that is me won over. I’ll add them to my list of technologies to poke.

Perhaps the next thing I build will be in Symfony or involving it anyway.