Topic: How to lock the conversation after the user leaves?

[Hugo Fujiwara]

Hi! It's my first post here.

I would like to know if there is any way to lock/block the chat after the user has left the conversation.

I ask this because I think it can be dangerous if someone posts the url in any social network. Just imagine if the chat history turns into a discussion among several users.

Exemple: https://demo2.mibew.org/chat/3222/22244925

Thanks!

[faf]

Ok, we'll evaluate this issue.

At the same time, one should understand two important things:

• Mibew Messenger 2.0 is at the alpha stage now. It's not ready to be used in production.
• If you think that you've found a security issue, it's irresponsible to post it in the wild without trying to contact developers privately.

[Hugo Fujiwara]

1. Mibew Messenger 2.0 is at the alpha stage now. It's not ready to be used in production.

I'know, it was just an example. I have tested it in 1.6.13 too.

2. If you think that you've found a security issue, it's irresponsible to post it in the wild without trying to contact developers privately.

OK, sorry about that, but I had some considerations when I posted it:

• I don't see it as a security issue. I think the developers allowed it on purpose because of some other functions.
• I don't think that a common user comes here.

If you think it's safer, please, feel free to edit my post above. You could leave only the bold text.

[faf]

I have tested it in 1.6.13 too.

Yeah, me too...

2. If you think that you've found a security issue, it's irresponsible to post it in the wild without trying to contact developers privately.

OK, sorry about that, but I had some considerations when I posted it:

• I don't see it as a security issue. I think the developers allowed it on purpose because of some other functions.
• I don't think that a common user comes here.

Well, as I've wrote, we'll evaluate the cause of the issue and whether it is a vulnerability, or a bug. Actually, it was you who called this feature potentially dangerous. 

As of your second note, they do. At the same time, security issues are interesting to shady persons, not to a common users.

If you think it's safer, please, feel free to edit my post above. You could leave only the bold text.

I'm afraid, it's too late. What goes on the Internet stays on the Internet.

[Hugo Fujiwara]

OK then, thanks!

[faf]

FYI: we've opened two issues related to your message:

• https://github.com/Mibew/mibew/issues/71
• https://github.com/Mibew/mibew/issues/72

They will be closed in the next alpha version of Mibew Messenger, i.e. in 2.0.0-alpha5.

As of Mibew Messenger 1.6.x, probably soon we'll implement restriction for third-party access. The release of 1.6.14 will follow.

[Hugo Fujiwara]

Wow! That's nice! 

Thanks!

[faf]

Mibew 1.6.14 has been released. Now all chat threads are tied to users' sessions. Thus it will be impossible to access them after the conversation was finished.

At the same time we will not implement the lock of closed threads in 1.6.x, since it's not a security problem. But that feature will be implemented in 2.0.0-alpha5.

[Hugo Fujiwara]

Great! I'll test it ASAP!

Thanks again!