powered by Jive Software

Obtaining client settings from server... (devs)

Given that some users discuss sensitive topics via IM (as described in some threads), it would be wise to have the client obtain its runtime settings from the connecting server. A note could be placed on the client config page that states that server parameters would override any local settings.

A Client Settings[/i] page could be added to the admin console with check boxes next to every option available through the client’'s UI. An Enable/Disable policy radio button would control the overall function.

For those that require strict adherence to the Client Settings policy, an additional function can be added that would deny access to those not using the Spark client. This of course would be the only way to ensure that such a Client Settings policy is adhered to.

For those that want to be really sure the client is Spark[/i] - A quick internal comm function can prove that the client is indeed Spark and not another masquerading it’'s Agent ID to gain access.

As always, keep up the good work devs!



if I want to discuss sensitive topics I will use a client which offers p2p encryption of the messages to make sure that the server administrator can not read them, so it will not be Spark.

As soon as administrators start to allow only one client vendor users may look for another xmpp servers or may reject using it completely.

There are also some web pages I don’‘t access because Firefox can’'t display the content.


PS: For dev’‘s there’'s another Wifi forum: http://www.jivesoftware.org/community/forum.jspa?forumID=43


While I agree with your point of view, you missed my point entirely. It’'s not about requiring P2P encryption, but rather preventing the average user for cataloging a chat history when discussing sensitive matters. P2P encryption would help with regards to securing content traveling across the LAN (or net for that matter), but would not prevent the recipient from saving a chat history.

Thanks for the link to the Wildfire dev forum. I obviously missed it when clicking on the support page.




sorry for missing your point. I still can’'t think of sensitive issues which should be discussed without saving the results or agreements somewhere for further reference. It becomes as poor as a phone call, later no one knows any more what the other persons did say.

As long as I can copy the chat window content or use the “print” key to capture the screen or run a screen capture program which saves the chat as video to a file or even streams it this makes no real sense.

In my opinion this is something for the (windows/linux/mac) administrators. Using a strong user password, an encrypted filesystem and proper file permissions help a lot to protect local data. I think it’'s still not easy to configure Spark to store the chat log to a network drive.