Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-02-04 05:13:42 +01:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Spell out some possible abuse vectors and how to mitigate them

Browse source
This commit is contained in:
Andrew Morgan 2020-08-21 15:42:12 +01:00
parent 74a341ab8d
commit 716db4e656
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
proposals/2403-knock.md
View file

@ -273,5 +273,12 @@ could both be merged into one, however, as that would also affect the join
endpoint it seems out-of-scope for this MSC.
# Security considerations
This doesn't allow users access to a room in any way. However, care should be
taken to ensure that no spam vectors are enabled by this change.
Clients must take care when implementing this feature in order to prevent
simple abuse vectors that can be accomplished by individual users. For
instance, When a knock occurs, client are advised to hide the reason by
default, prompting the user to reveal it only if they choose to.
It is still theoretically possible for a server admin to create many users
with different user IDs or display names, all spelling out an abusive
message, and then having each of them knock in order. In this case, room
admins should employ typical abuse mitigation tools, such as Server ACLs.