Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-1566

Monitoring Service 1.6.0 does not check user has the right to enter the archive

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Plugins
    • Labels:
      None

      Description

      According to XEP-0313 MAM, 1 a MUC archive MUST check that the user requesting the archive has the right to enter it at the time of the query and only allow access if so.

      This is currently not the case for password protected rooms. Any user can access the MAM archive without being prompted for a password.

      However, section 5.1.2 MUC Archives 1 is respected and working correctly for moderated chat rooms.

        Attachments

          Activity

            People

            Assignee:
            guus Guus der Kinderen
            Reporter:
            guus Guus der Kinderen
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: