Security related quetions

anton.karlan · November 12, 2019, 7:15am

Hi Everybody!
I have a few technical and security related quetions about Rocket.Chat that I didn’t find in documentation.

Is there any encryption in messaging? Or HTTPS is the only one available chat (messaging) encryption?
All messages in MongoDB are in plain text? If yes, can it be encrypted somehow?
Is there any way to get detailed logs about user authorizations, admin actions and other interesting security audit logs?

anton.karlan · November 12, 2019, 12:10pm

I think I found answer on quetion #3.
In log one can see lines like that, when Admin checks settings in Admin Panel:
Meteor ➔ method instances/get -> userId: UserID, arguments:
Meteor ➔ publish adminRooms -> userId: UserID, arguments: ["",{“0”:“c”,“1”:“d”,“2”:“p”},50]
Meteor ➔ publish fullUserData -> userId: UserID, arguments: ["",50]
and so on…

Topic		Replies	Views
User not found [403] - Meteor.Error Community Support	3	1723	September 12, 2021
read access to the user data Community Support	0	576	July 6, 2018
Weird user issues that I don't know how to solve Community Support	3	845	June 2, 2018
How to block users Community Support	2	2062	November 28, 2021
Admin "spying" on your chats Community Support	3	4595	August 11, 2020

Join our Community Open Call tomorrow where we'll share more details regarding recent changes and answer questions about updating your workspace to the latest Rocket.Chat

Security related quetions

Related Topics