Authentication in DimDim 4.5

  • alex_ct

    alex_ct - 2008-12-08


    Congratulations for a good release and documentation. I've followed your documentation
    and installed DimDim 4.5 on CentOS 5.2. One thing I would like advice about is how to activate some kind of authentication. Right now anyone can start a conference and that in most cases in undesirable. In the previous releases you had the option to change

    dimdim.authenticationPolicy=NO_CHECK in the file to
    CHECK_EMAIL  or CHECK_KEY and later edit



    Can this be done in version 4.5? Would you like to describe how it's done?

    Alex Contis

    • Greg S

      Greg S - 2008-12-11

      I have also been attempting to figure this out. Though not successful, here's what I have found out so far. I'm looking through the config file:


      And I found the following entries:


      Which reference:


      By default there are two users listed:


      When I change start_meeting_user_email to something else and try to start the meeting via the main page, it says the user is unauthorized. So it appears that authentication is enabled by default and the application automatically passes a default username (admin). The funny thing is, when I changed start_meeting_user_email and then tried to pass an authorized user name via the HTTP GET method described in the documentation, it didn't seem to work. I could be doing something wrong... Wouldn't be the first time...

      Anyway, if anyone else has any other ideas, let us know...

    • Greg S

      Greg S - 2008-12-11


      Actually you were on point exactly with the new version..

      Here's what I did.

      added the following line to /usr/local/dimdim/ConferenceServer/apache-tomcat-5.5.17/webapps/dimdim/WEB-INF/classes/resources/


      Then I commented out the following lines:

      ## start_meeting_user_email=admin
      ## start_meeting_user_name=Host

      Next I changed the dimdimPresenters.txt file to only include my email address

      Then I edited /usr/local/dimdim/ConferenceServer/apache-tomcat-5.5.17/webapps/dimdim/html/signin/signin.jsp to provide input for the username/email address:


            <td width="30%" align="right"><dm:I18NDisplayString component="forms" dictionary="ui_strings" key="meetingname.label"/></td>
            <td width="70%" align="left">
            <input type="text" name="confName" id="confName" class="TextBox_format" TABINDEX="2" />
            <input type="text" name="email" id="email" class="Hide"/>
            <input type="text" name="displayName" id="displayName" class="Hide"/>


            <td width="30%" align="right"><dm:I18NDisplayString component="forms" dictionary="ui_strings" key="meetingname.label"/><br/><br/>Username</td>
            <td width="70%" align="left">
            <input type="text" name="confName" id="confName" class="TextBox_format" TABINDEX="2" />
            <input type="text" name="email" id="email" class="TextBox_format"/>
            <input type="text" name="displayName" id="displayName" class="Hide"/>

      Restart the server and works like a charm. I figured out that somehow the application is passing as the default presenter ID (that's why it auto-populates), however I couldn't find out where to change that. I think it's in one of the java .class files, but I'm no developer, so that's going to remain a mystery until someone smarter than me answers some questions on here.

      One can also pass the username via the HTTP GET method described in the 4.5 Server integration guide. I tested it and it works...

      Hope this helps... I know it's not the most elegant solution in the world, but until someone answers the forums on how to get to the admin interface, this was what I had to do to get this up and running so not every Tom Dick and Harry could start presentations on my server.

    • Greg S

      Greg S - 2008-12-11

      Answered my own question

      I uncommented:

      ## start_meeting_user_email=admin

      in and changed it to:


      That kept the field from auto-populating...

      • alex_ct

        alex_ct - 2008-12-11


        Followed your instructions and everything works fine. Thank you! Now I can finally start testing DimDim.


    • Curt

      Curt - 2008-12-11

      Nice job!  I now can leave DimDim turned on!

    • Michael Hylkema

      Michael Hylkema - 2009-01-13

      This worked great for me!  I actually changed "Username" to "Passcode" as it doesn't have to be an email address.  Any text can be used, so you can supply a secure password instead of a possibly known email address.  Just make sure it's in the (unfortunately plaintext) dimdimPresenters.txt file.

    • Michael Hylkema

      Michael Hylkema - 2009-01-13

      I also unhid the Display Name so it can be customized.  One downside of using the email as a password is that it is not case sensitive.  It does allow for special characters however.

    • Andrew Wilson

      Andrew Wilson - 2009-02-01

      Oh dear have you tried the following (well this happens for me....), after setting an Email address or whatever in dimdimAdmins.txt, etc.

      Start a session.  Let people join that session, then once the meeting is underway, your guests can very simply click on the "Dimdim Web Meeting" white text line on the top left of their main window and start the debugging console (in IE-7 at least). This will reveal that secret password or Email address.  Not so secure.  I suspect this was a built-in function when 4.5 was being setup.

      I will get around this but wanted to let you guys know...


      • Kevin Micalizzi

        Kevin Micalizzi - 2009-02-02


        Thanks for letting us know.  I've forwarded your post over to the engineering team.  I know they're often on these forums, but sent an email to make sure they see this.

        Thanks again!

        Kevin Micalizzi, Community Manager
        Dimdim Web Conferencing /
        e: / twitter: @meetdimdim

      • tin htun aung

        tin htun aung - 2009-02-03

        Hi Andy,

        I also noticed it. The only way work around is you need to rebuild it.
        There's a click listener on the "Dimdim Web Meeting" title, which will pop up the debug panel.
        Check out this file


        For me, I just remove the line "logoTextLabel.addClickListener(DebugPanel.getDebugPanel());" and rebuild.

        If you guys see any other things like this, pls ring the bell.



    • Andrew Wilson

      Andrew Wilson - 2009-02-03

      Thanks for the reply ko_aung, unfortunately I am using the VMWare image so haven't built it.  Just wondered if there is a way of turning off the de-bug console option but as you say, it's java compiled so I suspect there is no way without an updated image.


    • Enrique Rodriguez

      will it be enough to just find the class file, decompile, edit, then recompile to cover this security hole? Or do I have to recompile the entire dimdim package?

    • Andrew Wilson

      Andrew Wilson - 2009-02-06

      Have you ever tried this?  I mean when a java file is de-compiled, I thought we lost all the comments and variable lists, etc.?  So I wouldn't have a clue which lines to take out. Perhaps digging out the source files will give us a clue.  I'm definitely no expert with Java though!   Ideas anyone? 

      Perhaps for goodwill, the Dimdim authors could simply provide an updated pre-compiled java file for us? 



Log in to post a comment.