General > Support

How to lock the conversation after the user leaves?

(1/2) > >>

Hugo Fujiwara:
Hi! It's my first post here.

I would like to know if there is any way to lock/block the chat after the user has left the conversation.

I ask this because I think it can be dangerous if someone posts the url in any social network. Just imagine if the chat history turns into a discussion among several users.

Exemple: https://demo2.mibew.org/chat/3222/22244925

Thanks!

faf:
Ok, we'll evaluate this issue.

At the same time, one should understand two important things:


* Mibew Messenger 2.0 is at the alpha stage now. It's not ready to be used in production.
* If you think that you've found a security issue, it's irresponsible to post it in the wild without trying to contact developers privately.

Hugo Fujiwara:

--- Quote from: faf on October 14, 2014, 03:02:20 PM ---1. Mibew Messenger 2.0 is at the alpha stage now. It's not ready to be used in production.

--- End quote ---

I'know, it was just an example. I have tested it in 1.6.13 too.


--- Quote from: faf on October 14, 2014, 03:02:20 PM ---2. If you think that you've found a security issue, it's irresponsible to post it in the wild without trying to contact developers privately.

--- End quote ---

OK, sorry about that, but I had some considerations when I posted it:

* I don't see it as a security issue. I think the developers allowed it on purpose because of some other functions.
* I don't think that a common user comes here.
If you think it's safer, please, feel free to edit my post above. You could leave only the bold text.

faf:

--- Quote from: Hugo Fujiwara on October 14, 2014, 04:04:18 PM ---I have tested it in 1.6.13 too.

--- End quote ---

Yeah, me too...


--- Quote from: Hugo Fujiwara on October 14, 2014, 04:04:18 PM ---
--- Quote from: faf on October 14, 2014, 03:02:20 PM ---2. If you think that you've found a security issue, it's irresponsible to post it in the wild without trying to contact developers privately.

--- End quote ---

OK, sorry about that, but I had some considerations when I posted it:

* I don't see it as a security issue. I think the developers allowed it on purpose because of some other functions.
* I don't think that a common user comes here.
--- End quote ---

Well, as I've wrote, we'll evaluate the cause of the issue and whether it is a vulnerability, or a bug. Actually, it was you who called this feature potentially dangerous.  ;)

As of your second note, they do. At the same time, security issues are interesting to shady persons, not to a common users.


--- Quote from: Hugo Fujiwara on October 14, 2014, 04:04:18 PM ---If you think it's safer, please, feel free to edit my post above. You could leave only the bold text.

--- End quote ---

I'm afraid, it's too late. What goes on the Internet stays on the Internet.

Hugo Fujiwara:
OK then, thanks!

Navigation

[0] Message Index

[#] Next page

Go to full version