Submitted ideas will be evaluated by our product teams for upcoming releases and will be responded to so you know where things stand. For product support, please use the community forums or contact TAC.
NOTE: All Cisco employees & Channel Partners must enter Ideas through this Ideas Portal.
Enforcing Jabber policies on workstations. The existing security on the configuration files is inadequate for today's security concerns. Hi everyone,From questions asked on the Support Community forum, and from enhancement request:https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut25346/?referring_site=bugquickviewredirIt seems that the local configuration for Jabber can be tampered with on the client side. I've also been told that to date, the configuration file must be stored locally which means that if someone has admin privileges on their desktop they can pretty much change their Jabber permissions regardless of corporate policy. In Windows it's notoriously easy to receive local admin rights.This issue has been brought up a few times over the years, and I think it's a massive security caveat which needs to be addressed. It can be addressed in any number of ways, from hash functions to encryption, but it should be addressed For example, a user who is meant to only see people in their own department can decide to change the configuration files to change their LDAP searchbase and groupbases to see users in other departments. Other options is to give yourself FECC permissions, allow yourself to transfer files via Jabber, and pretty much anything that appears in the Jabber parameters reference guide under Client.