Regarding allowing guest users to access the TURN server login info

[magiccpp1]

Hi ,

we would like to allow the guest users to access the TURN server login info, please review the minor change on voip.py. thanks.

[matrixbot]

Can one of the admins verify this patch?

[matrixbot]

Can one of the admins verify this patch?

[matrixbot]

Can one of the admins verify this patch?

[richvdh]

@matrixbot: ok to test

[ara4n]

[cue huge debate over security implications of letting guests relay traffic via TURN if they haven't completed a captcha]

[ara4n]

The conclusions here were:

• Yes, it's a slight security risk to let guests relay traffic via TURN
• One can mitigate it a bit by turning off TCP-over-TURN relaying (add setting (on by default) to support TURN for guests #2011), and adding in application layer filtering (Add SRTP application-layer filtering into coturn to stop people trying to use it to relay DNS/QUIC/COAP/whatever #2009), and configuring per-user quotas for TURN streams
• However, it's desirable to avoid VoIP being flakey as hell for guests.

I've documented the security implications and made this a configurable setting, and PR'd it as #2011, which supersedes this one. Thanks for bringing this into the spotlight! :)

[Rugvip]

Ok, thanks :) And just to fix some confusion, the PR is #2011, not #2010

[ara4n]

oops, thanks; fixed