mqtg-bot

Proposal: Authentication Mechanism

Open xdadrm opened this issue 3 years ago • 0 comments

Currently, anyone who can talk to the bot can also send commands and subscriptions. This poses the risk of strangers abusing your service to interact with your environment (via MQTT or the configuration) and/or using your server for their likely malicious purposes to connect to other MQTT servers on the internet.

Proposed solution:

The first user (or channel) to connect and configure mqtg after a start (empty database) becomes the owner of the server; this might be a flag that can be granted to others.

Additionally, the owner would then have the possibility to decide whether:

  • the server is public (as it is today) or private
  • access requests would be allowed (new users connecting with /start) or users are to be added manually.

xdadrm, Aug 03 '21 06:08
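A sketch of the access model proposed in this issue, added here as an example and not taken from mqtg-bot: the owner claim on an empty database is made under one lock so it cannot be won twice, and every command is gated, not only /start. The names `ACL`, `Start`, `Grant` and `CanCommand`, the string roles and the private-by-default setting are assumptions.

```go
// Added example with hypothetical names; not mqtg-bot code.
package main

import "sync"

// ACL holds one role per Telegram user or channel ID: "owner", "user" or "pending".
type ACL struct {
	mu            sync.Mutex
	role          map[int64]string
	Public        bool // true = today's behaviour; false (assumed default) = private
	AllowRequests bool // private mode: /start from a stranger queues a request
}

func NewACL() *ACL { return &ACL{role: map[int64]string{}} }

// Start handles /start; the empty-database check and the owner claim share one lock.
func (a *ACL) Start(id int64) string {
	a.mu.Lock()
	defer a.mu.Unlock()
	switch {
	case len(a.role) == 0:
		a.role[id] = "owner"
	case a.role[id] == "" && a.AllowRequests && !a.Public:
		a.role[id] = "pending"
	}
	return a.role[id] // "" means unknown user, no request recorded
}

// Grant lets an owner add a user manually, approve a request, or pass on the owner flag.
func (a *ACL) Grant(by, id int64, role string) bool {
	a.mu.Lock()
	defer a.mu.Unlock()
	if a.role[by] != "owner" || (role != "owner" && role != "user") {
		return false
	}
	a.role[id] = role
	return true
}

// CanCommand gates every command and subscription, not only /start.
func (a *ACL) CanCommand(id int64) bool {
	a.mu.Lock()
	defer a.mu.Unlock()
	return a.Public || a.role[id] == "owner" || a.role[id] == "user"
}

func main() {
	acl := NewACL()
	println(acl.Start(1), acl.CanCommand(1), acl.CanCommand(2))
}
```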