Todo #106

Allow privileged clients to send messages to any room

Added by colin moock 1089 days ago. Updated 478 days ago.

Status :Closed Start :02/10/2009
Priority :Normal Due date :
Assigned to :- % Done :

0%
Category :Security
Target version :Union 1.0 Beta 1

Description

Given the correct privileges, a client should be able to send messages to rooms it's not in.

Reasons to allow outside messages:

  • a moderator broadcasts a system message to many rooms without first joining them
  • inter-application communication (e.g., a player in one chess game sends an invite to all players in another game)

Reasons to prevent outside messages:

  • developers might want to turn off "outside messaging" in order to prevent clients from interacting with rooms they're not in.

Security

Outside messaging needs to be restricted by Union's general security/privileges model. A client should not be able to sabotage an app or spoof operations by messaging a room without being in it.

Related issues

related to Feature #48 Permissions, Security, Privileges Closed 08/26/2008

History

05/12/2009 12:40 PM - colin moock

  • Subject changed from Can a client send a message to a room it's not in? to Allow privileged clients to send messages to any room

01/19/2010 10:54 PM - colin moock

  • Category changed from Messaging to Security
  • Target version set to Union 1.0 Beta 2

08/06/2010 01:16 AM - colin moock

  • Target version changed from Union 1.0 Beta 2 to Union 1.0 Beta 1

10/14/2010 02:00 PM - derek clayton

  • Status changed from New to Closed

Messages to rooms is not controlled by the security specification.

Also available in: Atom