I hope I’m just doing something very wrong here.
We’re using Openfire for years (currently 3.8.2, Debian server), with Spark and Psi desktop clients.
I have message archiving enabled, and users can see their own conversations history on the clients.
Well, I just installed an android xmpp client in some user’s phones, and one of them found out that selecting a user in the roster opens that user’s history of messages, sent to ANYONE. Not broadcast nor group messages. Everything sent through that user’s spark client.
Even if that is a bug in the android client, I’d expect the openfire server not to provide that information. The android client is logged as a standard user, not the admin.
Is this right? Did I miss some essential config option in the server? This does not happen with the desktop clients, and it is a major concern for me, as as soon as other users find out, there will be no secrets left…