"Internally Public" setting?

Jordan

10 Nov, 2011 01:47 PM via web

We would really like to have an "internally public" setting for rooms. Does this exist? We want anyone that's a member in our chat to be able to join a particular room at will without leaving it wide open to the public internet. Does that feature exist?

  1. Support Staff 2 Posted by Nick on 20 Nov, 2011 09:52 AM

    Do you really have a problem with people joining your rooms from the internet? We will think about this but I don't see this as a major flaw at the moment.

  2. Nick closed this discussion on 20 Nov, 2011 09:52 AM.

  3. Jordan re-opened this discussion on 21 Nov, 2011 03:30 PM

  4. 3 Posted by Jordan on 21 Nov, 2011 03:30 PM

    It's a pretty easy hack to script, isn't it? Guess some *.jaconda.im domains and guess some chat room names and you're in.

    Use a fairly common name and you may not be noticed, or even do some social engineering on the company and find out what the CEO's name is and use that.

    Related question: Is our domain's list of public rooms published anywhere that an attacker could query?

  5. 4 Posted by Dan DeMaggio on 21 Nov, 2011 07:40 PM

    Do you really have a problem with people joining your rooms from the internet?

    Yes. We'd like to talk about internal company projects without worrying about interlopers. I see two options:

    1) Since a room name is its password, we could create hard-to-guess room names.

    2) Jaconda could support private, but company-wide chat rooms.

    If we go with option 1, we'd want assurances that Jaconda won't make a "List all Public Chat Rooms" API, where people could discover our room.

  6. Support Staff 5 Posted by Nick on 10 Dec, 2011 01:35 PM

    Hi,

    Sorry for the delay, couldn't answer earlier. We will consider this but most likely not before the new year at the earliest.

    No, we don't publish rooms or anything anywhere. You might access them through the API, but to gain access to the API token you have to be the domain owner.

  7. 6 Posted by Peter Baker on 14 Jan, 2012 04:25 PM

    Would love to see this as well. It would be great to have the option to invite outsiders only if we send them a 'secure' invite code (and of course we can kick them out).
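
Option 1 in Dan DeMaggio's reply treats the room name as the room's password. The sketch below is an added example, not part of the thread and not Jaconda code: it generates room names from a CSPRNG and flags names that are too weak to serve as a secret. The allowed character set, the list of common names and the 64-bit floor are assumptions.

```python
import math
import secrets

# Assumption: room names may use lowercase letters and digits; adjust this to
# whatever characters the chat service actually accepts.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"
BITS_PER_CHAR = math.log2(len(ALPHABET))  # about 5.17 bits per character

# Constructed sample of guessable names, not taken from any real deployment.
COMMON_NAMES = {"general", "dev", "ops", "support", "sales", "ceo", "team"}


def random_room_name(bits=80):
    """Return a name carrying at least `bits` bits of entropy from a CSPRNG."""
    length = math.ceil(bits / BITS_PER_CHAR)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(name):
    """Upper bound on a name's entropy.

    The length-based figure only holds for names produced by
    random_room_name(); a human-chosen name of the same length is weaker.
    """
    if name.lower() in COMMON_NAMES:
        return 0.0
    return len(name) * BITS_PER_CHAR


def years_to_guess(bits, guesses_per_second):
    """Expected time for blind guessing to hit one name (half the space)."""
    seconds = (2 ** bits / 2) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def audit(names, min_bits=64):
    """Return the names that fall below the entropy floor."""
    return [n for n in names if entropy_bits(n) < min_bits]


if __name__ == "__main__":
    name = random_room_name()
    print(name, round(entropy_bits(name), 1), "bits")
    print("weak:", audit(["general", "q7", name]))
    print("years at 1000 guesses/s:", f"{years_to_guess(80, 1000):.2e}")
```

A random name only protects the room while it stays secret: it still appears in invite links, client history and logs, so it does not replace the member-only access control requested in this thread.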
