logbot: how can we be careful with write access to the server #21

Open
opened 3 years ago by mb · 1 comments
mb commented 3 years ago

logbot and whisperbot can be invited by anyone, using their xmpp addresses, enabling write access to the server. Let's be careful with that.

Leaving some snippets from the conversation here:

> My first instinct is this is a bad idea to have out in the open like this.

> But yeah something with write access to the server should not be able to be invited this way by random people

> we can add a flag where you whitelist servers / rooms that the bot will join. Easy way to address it.

> nice promiscuous pipeline

Owner

Extending https://git.vvvvvvaria.org/decentral1se/xbotlib#invitations with whitelisting would be a good idea.
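
The server / room whitelist proposed in this thread could take the following form. This is an added example, not code from logbot, whisperbot or xbotlib; the class and function names and the example.org addresses are assumptions, and the check would be called from the bot's invitation handler before it joins a room.

```python
# Added example: default-deny allowlist for group chat invitations.
# Every name and address below is hypothetical; none comes from xbotlib.

def bare_room(jid):
    """Return (local, domain) for a room JID, or None if it is malformed.

    The resource ("/nick") is dropped. Lowercasing approximates XMPP
    case folding and is only exact for ASCII addresses.
    """
    bare = jid.strip().split("/", 1)[0]
    if bare.count("@") != 1:
        return None
    local, domain = bare.lower().split("@")
    domain = domain.rstrip(".")
    if not local or not domain:
        return None
    return local, domain

class InviteAllowlist:
    def __init__(self, rooms=(), servers=()):
        # Malformed entries are discarded instead of widening the list.
        self.rooms = {r for r in map(bare_room, rooms) if r}
        self.servers = {s.strip().lower().rstrip(".") for s in servers if s.strip()}

    def permits(self, room_jid):
        room = bare_room(room_jid)
        if room is None:
            return False
        # Exact matches only: a suffix test such as endswith() would
        # also accept lookalike domains.
        return room in self.rooms or room[1] in self.servers

ALLOW = InviteAllowlist(rooms=["logs@muc.example.org"],
                        servers=["conference.example.net"])

# Constructed sample invitations, not taken from any real log.
SAMPLE_INVITES = [
    "logs@muc.example.org",                    # listed room
    "Logs@MUC.example.org/someone",            # same room, other case + resource
    "other@muc.example.org",                   # unlisted room on that server
    "anything@conference.example.net",         # listed server
    "logs@muc.example.org.lookalike.example",  # lookalike domain
    "x@evilconference.example.net",            # suffix lookalike
    "muc.example.org",                         # no room part
]

def decide(invites, allowlist=ALLOW):
    """Map each invitation to 'join' or 'ignore'."""
    return [(j, "join" if allowlist.permits(j) else "ignore") for j in invites]
```

An empty allowlist permits nothing, so a bot deployed without configuration ignores every invitation instead of joining any room it is invited to.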
