Security related quetions

anton.karlan · November 12, 2019, 7:15am

Hi Everybody!
I have a few technical and security related quetions about Rocket.Chat that I didn’t find in documentation.

Is there any encryption in messaging? Or HTTPS is the only one available chat (messaging) encryption?
All messages in MongoDB are in plain text? If yes, can it be encrypted somehow?
Is there any way to get detailed logs about user authorizations, admin actions and other interesting security audit logs?

anton.karlan · November 12, 2019, 12:10pm

I think I found answer on quetion #3.
In log one can see lines like that, when Admin checks settings in Admin Panel:
Meteor ➔ method instances/get -> userId: UserID, arguments:
Meteor ➔ publish adminRooms -> userId: UserID, arguments: ["",{“0”:“c”,“1”:“d”,“2”:“p”},50]
Meteor ➔ publish fullUserData -> userId: UserID, arguments: ["",50]
and so on…

Topic		Replies	Views
Security on Rocket Chat Community Support	0	809	March 20, 2018
User not found [403] - Meteor.Error Community Support	3	1960	September 12, 2021
MongoDB Logging Private Messages in Plain Text Community Support rocketchat-apps	2	1566	November 15, 2021
MongoDB Authentication Community Support	1	1928	February 4, 2022
User don't send directs messages after update! Community Support	1	738	October 19, 2023

[Rocket.Chat v7.0: Join the webinar] Roadmap Reveal: on-prem AI, VoIP, and more! Save your seat ->

Security related quetions

Related topics