matrix-hacks / matrix-puppet-bridge

Facilitates implementation of double puppeted Matrix bridges

[Feature request] Ask for remote network passwords directly from users instead of typing them manually in the matrix-puppet-bridge config file #26

Open MurzNN opened 7 years ago

MurzNN commented 7 years ago

Right now each matrix puppet bridge stores the remote network password or token in config.json files (or in similar places). In most companies, configuring and starting the bridge is the admin-man's work, not that of any usual company employee.

So all company employees must give the plaintext password of their facebook/skype/hangouts/etc. account to the admin-man. This is the main and a very large security hole for them: after this the admin will be able to look up my private facebook photos???

We can greatly minimize this problem if the admin only types the account info on the bridge server side, and the bridge asks for the password of the remote network directly from the user and stores it on the server side (in memory, or even in files) without the engagement of the admin-man.

So users will type passwords on their own computers only, without giving them to the admin-man.

This will not totally protect the password from interception by the admin on the bridge server side, but this is a much better and more secure process for users than now, when users must give their passwords to the admin-man.

Right now many public XMPP gateways work as suggested here, and there are no big problems with security.
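The flow proposed in this issue, as an added example that is not part of the thread or of matrix-puppet-bridge: the admin's config holds only account info, the user sends the password to the bridge in a one-to-one room, and the bridge keeps it in memory. The `PuppetCredentials` class, the `!login` command and the event fields are assumptions made for illustration.

```javascript
// Added illustration. PuppetCredentials, the "!login" command and the event
// fields are hypothetical, not matrix-puppet-bridge APIs.
class PuppetCredentials {
  // accounts: Map of Matrix user id -> remote account info, as typed by the
  // admin in the config file. It contains no password or token.
  constructor(accounts, redact) {
    this.accounts = accounts;
    this.redact = redact;       // callback(roomId, eventId) that removes a message
    this.secrets = new Map();   // mxid -> password, kept in process memory only
  }

  // Users the bridge still has to ask for a password.
  pending() {
    return [...this.accounts.keys()].filter((mxid) => !this.secrets.has(mxid));
  }

  // Handle one message received by the bridge bot.
  handleMessage({ sender, roomId, eventId, body, memberCount }) {
    const match = /^!login\s+(\S.*)$/.exec(body);
    if (!match) return "ignored";
    // The message carries a secret: remove it from room history in every case.
    this.redact(roomId, eventId);
    if (!this.accounts.has(sender)) return "rejected: no account configured";
    if (memberCount !== 2) return "rejected: not a one-to-one room";
    this.secrets.set(sender, match[1]);
    return "accepted";
  }

  // What may be written back to disk: account info only, never secrets.
  toConfig() {
    return JSON.stringify(Object.fromEntries(this.accounts));
  }
}

// Constructed sample data: one configured user, three incoming messages.
function demo() {
  const redacted = [];
  const creds = new PuppetCredentials(
    new Map([["@alice:example.org", { network: "facebook", login: "alice@example.org" }]]),
    (roomId, eventId) => redacted.push(eventId)
  );
  const results = [
    creds.handleMessage({ sender: "@mallory:example.org", roomId: "!a", eventId: "$1", body: "!login guess", memberCount: 2 }),
    creds.handleMessage({ sender: "@alice:example.org", roomId: "!b", eventId: "$2", body: "!login s3cret", memberCount: 5 }),
    creds.handleMessage({ sender: "@alice:example.org", roomId: "!c", eventId: "$3", body: "!login s3cret", memberCount: 2 }),
  ];
  return { results, redacted, pending: creds.pending(), config: creds.toConfig() };
}
```

Because the secret lives only in process memory, a bridge restart puts the user back in `pending()` and the bridge has to ask again.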

ptman commented 7 years ago

I'm thinking this could also help with Two Factor Auth, like with facebook. https://github.com/matrix-hacks/matrix-puppet-facebook/issues/27