All uses of the API should be (optionally) logged.
We already record certain operations on MUC and users, but we could do a lot more, recording all uses of the API in a lightweight structured logging fashion. This mitigates a risk of use in business-critical enterprise scenarios.
Bonus points for adding select events as Security Audit Events.
All uses of the API should be (optionally) logged.
We already record certain operations on MUC and users, but we could do a lot more, recording all uses of the API in a lightweight structured logging fashion. This mitigates a risk of use in business-critical enterprise scenarios.
Bonus points for adding select events as Security Audit Events.