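For a few weeks I have been testing ejabberd 20.03 on an Archlinux machine as a WhatsApp replacement within the family. I use the postgresql backend as the user database. Everything went fine until today: I created a third account, for my sister. Login worked and we could chat with each other. Here is the problem: she can see the chat history between me and her son, who was the first non-admin user! His chats are in plaintext, while mine are unreadable.
I have not created any chat rooms, and almost everything (except user authentication) is at its defaults. We all use the current Conversations on Android. I have no idea what is going on here...
Modules section: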
modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_avatar: {}
  mod_blocking: {}
  mod_bosh: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}
  mod_disco: {}
  mod_fail2ban: {}
  mod_http_api: {}
  mod_http_upload:
    put_url: https://@HOST@:5443/upload
  mod_last: {}
  mod_mam:
    ## Mnesia is limited to 2GB, better to use an SQL backend
    ## For small servers SQLite is a good fit and is very easy
    ## to configure. Uncomment this when you have SQL configured:
    db_type: sql
    assume_mam_usage: true
    default: always
  mod_mqtt: {}
  mod_muc:
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    access_mam:
      - allow
    default_room_options:
      mam: true
  mod_muc_admin: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
  mod_private: {}
  mod_proxy65:
    access: local
    max_connections: 5
  mod_pubsub:
    access_createnode: pubsub_createnode
    plugins:
      - flat
      - pep
    force_node_config:
      ## Avoid buggy clients to make their bookmarks public
      storage:bookmarks:
        access_model: whitelist
  mod_push: {}
  mod_push_keepalive: {}
  mod_register:
    ## Only accept registration requests from the "trusted"
    ## network (see access_rules section above).
    ## Think twice before enabling registration from any
    ## address. See the Jabber SPAM Manifesto for details:
    ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
    ip_access: trusted_network
  mod_roster:
    versioning: true
  # mod_s2s_dialback: {}
  mod_shared_roster: {}
  mod_stream_mgmt:
    resend_on_timeout: if_offline
  mod_vcard: {}
  mod_vcard_xupdate: {}
  mod_version:
    show_os: false
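Answer 1
Obviously something else has happened here that you did not notice and did not mention.
Maybe it is because mod_mam is enabled and configured to archive all conversations by default. But there must certainly be some other cause, maybe your clients are reusing accounts, so different people can access the same account...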
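One way to tell a server-side archive problem apart from the account reuse the answer suggests, as an added example that is not part of the original question or answer: for every row mod_mam archived, check that the owning account is the sender or the recipient of the stored stanza. The rows, JIDs and the domain example.org are constructed; the column names (username, bare_peer, xml) are a subset of ejabberd's SQL `archive` table, and only one-to-one chats are assumed.

```python
import xml.etree.ElementTree as ET

HOST = "example.org"  # constructed XMPP domain, not from the page

# Constructed stanzas as mod_mam would store them in the xml column.
MSG_A = ("<message xmlns='jabber:client' type='chat' "
         "from='me@example.org/phone' to='nephew@example.org'>"
         "<body>hi</body></message>")
MSG_B = ("<message xmlns='jabber:client' type='chat' "
         "from='sister@example.org/phone' to='me@example.org'>"
         "<body>hello</body></message>")

# Constructed rows: (username, bare_peer, xml), a subset of the columns of
# ejabberd's SQL archive table. username is the account that owns the copy.
ROWS = [
    ("me", "nephew@example.org", MSG_A),
    ("nephew", "me@example.org", MSG_A),
    ("sister", "me@example.org", MSG_B),
    ("sister", "nephew@example.org", MSG_A),  # copy filed under a third account
]


def bare(jid):
    """Strip the resource part and lowercase: user@host/res -> user@host."""
    return jid.split("/", 1)[0].lower()


def misfiled_rows(rows, host=HOST):
    """Return rows whose owning account neither sent nor received the stanza."""
    flagged = []
    for username, bare_peer, xml in rows:
        owner = f"{username}@{host}".lower()
        try:
            stanza = ET.fromstring(xml)
        except ET.ParseError:
            flagged.append((username, bare_peer, "unparseable xml"))
            continue
        parties = {bare(stanza.get("from", "")), bare(stanza.get("to", ""))}
        if owner not in parties:
            flagged.append((username, bare_peer, "owner is not a party"))
    return flagged


if __name__ == "__main__":
    for row in misfiled_rows(ROWS):
        print(row)
```

An empty result on real rows means every archived copy belongs to one of its two parties, so the history shown on the third device did not come from a misfiled archive row and the client's configured account is the next thing to check.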