You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently anyone who can talk to the bot can also send commands and subscriptions. This poses the risk of strangers abusing your service to interact with your environment (via mqtt or the configuration) and or using your server for their likely malicious purposes to connect to other mqtt servers on the internet.
Proposed solution::
First user (or channel) to connect & configure mqtg after a start (empty Database) becomes the owner of the server, might be a flag that can be granted to others.
Additionally the owner would have then the possibility to decide whether :
the server is public (as it is today) or private
whether access requests would be allowed (new users connecting with /start) -or- users are to be added manually.
The text was updated successfully, but these errors were encountered:
Currently anyone who can talk to the bot can also send commands and subscriptions. This poses the risk of strangers abusing your service to interact with your environment (via mqtt or the configuration) and or using your server for their likely malicious purposes to connect to other mqtt servers on the internet.
Proposed solution::
First user (or channel) to connect & configure mqtg after a start (empty Database) becomes the owner of the server, might be a flag that can be granted to others.
Additionally the owner would have then the possibility to decide whether :
The text was updated successfully, but these errors were encountered: