Author Topic: How to lock the conversation after the user leaves?  (Read 12127 times)

0 Members and 1 Guest are viewing this topic.

Hugo Fujiwara

  • Full Member
  • ***
  • Posts: 5
How to lock the conversation after the user leaves?
« on: October 14, 2014, 02:17:04 PM »
Hi! It's my first post here.

I would like to know if there is any way to lock/block the chat after the user has left the conversation.

I ask this because I think it can be dangerous if someone posts the url in any social network. Just imagine if the chat history turns into a discussion among several users.

Exemple: https://demo2.mibew.org/chat/3222/22244925

Thanks!

faf

  • Mibew Staff Member
  • Native
  • *****
  • Posts: 951
    • Mibew Messenger
Re: How to lock the conversation after the user leaves?
« Reply #1 on: October 14, 2014, 03:02:20 PM »
Ok, we'll evaluate this issue.

At the same time, one should understand two important things:

  • Mibew Messenger 2.0 is at the alpha stage now. It's not ready to be used in production.
  • If you think that you've found a security issue, it's irresponsible to post it in the wild without trying to contact developers privately.

Hugo Fujiwara

  • Full Member
  • ***
  • Posts: 5
Re: How to lock the conversation after the user leaves?
« Reply #2 on: October 14, 2014, 04:04:18 PM »
1. Mibew Messenger 2.0 is at the alpha stage now. It's not ready to be used in production.

I'know, it was just an example. I have tested it in 1.6.13 too.

2. If you think that you've found a security issue, it's irresponsible to post it in the wild without trying to contact developers privately.

OK, sorry about that, but I had some considerations when I posted it:
  • I don't see it as a security issue. I think the developers allowed it on purpose because of some other functions.
  • I don't think that a common user comes here.

If you think it's safer, please, feel free to edit my post above. You could leave only the bold text.

faf

  • Mibew Staff Member
  • Native
  • *****
  • Posts: 951
    • Mibew Messenger
Re: How to lock the conversation after the user leaves?
« Reply #3 on: October 14, 2014, 05:09:30 PM »
I have tested it in 1.6.13 too.

Yeah, me too...

2. If you think that you've found a security issue, it's irresponsible to post it in the wild without trying to contact developers privately.

OK, sorry about that, but I had some considerations when I posted it:
  • I don't see it as a security issue. I think the developers allowed it on purpose because of some other functions.
  • I don't think that a common user comes here.

Well, as I've wrote, we'll evaluate the cause of the issue and whether it is a vulnerability, or a bug. Actually, it was you who called this feature potentially dangerous.  ;)

As of your second note, they do. At the same time, security issues are interesting to shady persons, not to a common users.

If you think it's safer, please, feel free to edit my post above. You could leave only the bold text.

I'm afraid, it's too late. What goes on the Internet stays on the Internet.

Hugo Fujiwara

  • Full Member
  • ***
  • Posts: 5
Re: How to lock the conversation after the user leaves?
« Reply #4 on: October 14, 2014, 06:54:12 PM »
OK then, thanks!

faf

  • Mibew Staff Member
  • Native
  • *****
  • Posts: 951
    • Mibew Messenger
Re: How to lock the conversation after the user leaves?
« Reply #5 on: October 15, 2014, 10:00:15 AM »
FYI: we've opened two issues related to your message:


They will be closed in the next alpha version of Mibew Messenger, i.e. in 2.0.0-alpha5.

As of Mibew Messenger 1.6.x, probably soon we'll implement restriction for third-party access. The release of 1.6.14 will follow.

Hugo Fujiwara

  • Full Member
  • ***
  • Posts: 5
Re: How to lock the conversation after the user leaves?
« Reply #6 on: October 15, 2014, 11:12:41 AM »
Wow! That's nice!  :D

Thanks!

faf

  • Mibew Staff Member
  • Native
  • *****
  • Posts: 951
    • Mibew Messenger
Re: How to lock the conversation after the user leaves?
« Reply #7 on: October 16, 2014, 10:09:44 AM »
Mibew 1.6.14 has been released. Now all chat threads are tied to users' sessions. Thus it will be impossible to access them after the conversation was finished.

At the same time we will not implement the lock of closed threads in 1.6.x, since it's not a security problem. But that feature will be implemented in 2.0.0-alpha5.

Hugo Fujiwara

  • Full Member
  • ***
  • Posts: 5
Re: How to lock the conversation after the user leaves?
« Reply #8 on: October 16, 2014, 06:39:20 PM »
Great! I'll test it ASAP!

Thanks again!