Security of new channel history feature
Posted: Mon Oct 14, 2019 1:36 am
In regards to the following feature, how will the messages being stored?
Plain text? or some desired form of encryption?
This is a great server side feature, but what security mechanism will take care of it?
Plain text? or some desired form of encryption?
This is a great server side feature, but what security mechanism will take care of it?
Recording and playback of channel history when channel mode +H is set.
The syntax is: +H max-lines-to-record:max-time-to-record-in-minutes.
For example: +H 50:1440 means the last 50 messages will be stored and no message will be stored longer than 1440 minutes (1 day).
The channel history is then played back when joining such a channel, but with two things to keep in mind:
The client must support the 'server-time' CAP, otherwise history is not shown. Any modern IRC client supports this.
Only a maximum of 15 lines are played back on-join by default
The reason for the maximum 15 lines on-join playback is that this can be quite annoying if you rejoin repeatedly and as to not flood the users screen too much (unwanted). In the future we will support a mechanism for clients to "fetch" history - rather than sending it on-join - so they can fetch more than the 15 lines, up to the number of lines and time configured in the +H channel mode.
You can configure the exact number of lines that are played back and all the limits that apply to +H via set::history::channel.
For saving and retrieving history we currently have the following options:
history_backend_mem: channel history is stored in memory. This is very fast but also means history is lost on restart.
history_backend_null: don't store channel history at all. This can be useful to load on servers with no users on it, such as a hub server, where storing history is unnecessary.
As you can see there is currently no 'disk' backend. However, in the future more options may be added.
Also note that 3rd party modules can add history backends as well.