powered by Jive Software

IMPORTANT suggestions for your project

Dear Jive Software,

First - thank You for your software. Your bet on 50/50 free/paid project development is really winning.

So, our suggestions - MAKE SPARK MORE SECURE AND ADD MORE SETTINGS.

  • I just want to change fonts… I cant.

  • I just want to save my logs to the secured PGP disk,

not to c:/documents and settings/users/… it’'s not secure.

so i disabled logs at all. No way to have SSL connection and still have logs available.

  • I wish to send messages with CTRL+ENTER and new line with ENTER - but there is no way to do this.

  • I wish SPARK to not connect automatically with every new disconnect.

This must be setup for this to allow or not allow relogin with connection lost.

More Flexible Spark - More Flexible Auditory - More Popularity - More People - Your Key here? Yes.

I ''ll donate if this features ''ll be ready.

Just a comment on one of your suggestions.

Encrypting the chat logs would add a lot of complexity to the program that many people dont need or want in many cases. It also would only marginally increase security because the other endpoint may not encrypt them, or the server may be logging them (also unencrypted). Certainly someone could write a Spark plugin to do the encryption, but I doubt there is enough demand for Jive to do this. My suggestion would be to use an encrypted disk so Spark dosnt need to care if or how the encryption occurs. Try www.truecrypt.org for an Open Source version.

This same logic applies to email. If you want secure email or IM, you must encrypt the message itself. There has been some requests for this feature, but again I dont know if there is enough demand for Jive to implement this.

Thank You for your post, but you are not right.

I have both PGP and TrueCrypt. But probably You dont know, that if even You have Spark installed to F: , logs ''ll keep their place in C:\Documents And Settings\Users\Blablabla…

So, all i spoke before is true. I never shout for nothing .

Also,

I wrote OpenFire hack, to disable all logs on server. Plus SSL is required. So only weak place is Spark with their read-for-all logs directory, which can not be configured.

That is a sensible place to put the logs as you need a writable area for each user.

You could encrypt the C: drive, or place a symbolic link (junction point) on C:\ to point to a different drive, or just disable the chat logs on the client too?

Files in your “Documents and Settings” directory should be protected by permissions anyway. Allowing any user to read files out of there is a security problem in its own right. You can always configure the Spark directory to have even tighter permissions, though you cant remove Admin access completely. If you are worried about your admins viewing your chat logs, then I suggest you turn them off.

If the symbolic link dosnt work, you can try mounting your encrypted disk there. Coming from the Unix world that is second nature to me, but most Windows users dont know they can do it too: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/prork/prdf_f ls_ogex.mspx?mfr=true

It works on XP, 2000, and newer.

I think I could make a case for having the log directory be configurable though. My dilemma is this: If we start adding tons of options that only a few people want, we end up with a configuration dialog that is cluttered and confusing. Perhaps an option like this would be something you change from the config file (spark.properties) only.

I do want to reiterate that you are only marginally increasing the security by encrypting your chat logs. Unless you can be 100% certain of the entire path, it is NOT secure at all. So in addition to forcing SSL, you need to turn off s2s, and make sure ALL clients who connect have the same logging setups. To truly gain the security you want in that case you need to use end-to-end encryption (PGP, for example). That feature has been requested a few times, but there hasnt been a huge interest in it.