On 21 December 2015 at 04:08, Ying LEE <mr.ying....@gmail.com> wrote:
> As a demo, support-chat is the one I am looking for. But, I am wondering
> there is some security problems. For the team MUC is known by client by
> checking the source code, and team MUC is open to anonymous visitors. So it
> is easy to use an XMPP client to access team MUC and get the private
> messages (of course, not all) between other visitors and supporters.

The MUC is used only for co-ordination and discovery of the (online)
members of teams. The initial message/invitation is sent privately, so
is not visible to other users in the room. The supporters then join
the private room that the user created, and all discussion happens

At the end of the day it is, like many other services on the internet,
providing an anonymous chat service. So yes, it is wise to be aware of
what is and isn't visble or accessible to anonymous users. A service
would, for example, probably want to put some restrictions on
submitting queries, but that would need to be enforced server-side,
and not in the client code.


You received this message because you are subscribed to the Google Groups 
"prosody-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prosody-dev+unsubscr...@googlegroups.com.
To post to this group, send email to prosody-dev@googlegroups.com.
Visit this group at https://groups.google.com/group/prosody-dev.
For more options, visit https://groups.google.com/d/optout.

Reply via email to