[JDEV] Server-side Message History

Michael Brown michael at aurora.gen.nz
Sat Jun 2 04:33:13 CDT 2001

From: "Al Sutton" <al at alsutton.com>

> I think message history location should be optional.
> I see a world of difference between trusting my jabber admin not to snoop
> connection and having my message history on a server which could be hacked
> by a third party and my messages obtained.

True, there is a difference, but your home PC is probably not immune to
being hacked either.  Or your Notebook stolen.  Or maybe you will leave your
Palm device on a bus.  More likely, anyone who has a real interest in what
you are talking about (your boss, wife, business partner, kids, workmates
etc) is going to find it easier to get local access to your PC than they are
hacking into an ISP's Jabber server.

Obviously there is nothing to stop a client author from developing a client
that logs messages locally, and you turning it off on the server, but once
you do that you loose many of the good features of having the messages on
the server (ie the clients get bigger, not smaller, as they must support
both methods).

I would be quite happy with encrypted messages stored on the server.  There
is still some exposure for the messages that are sent to unsecure networks
such as ICQ or MSN as they must be plain text, but I don't think I would be
paranoid enough to switch it off altogether.


More information about the JDev mailing list