[standards-jig] UPDATED AGAIN: Multi-User Chat, v. 0.4
jabber at dsutton.legend.uk.com
Thu Sep 19 17:22:51 CDT 2002
On Thu, Sep 19, 2002 at 03:15:07PM -0600, David Waite wrote:
> Peter Saint-Andre wrote:
> >The existing IQ browse is a security hole and a bug. A useful bug, but a
> >bug nonetheless.
> >The admin will always be able to get the real JID.
> Which admin - the Room admin, or a Server admin? I would argue that
> creating the room is not sufficient for a user to be able to override my
> privacy settings.
I've been discussing some of this on the jdev channel. Firstly, the
iq:browse is more implementation-specific rather than jep-specific. The
implementation would have to have the concept of server admins.
Regarding a room, this is a grey area in that a user should be careful
before connected to a room, but at this time, there isn't a strong
method of remotely querying a rooms capabilities. The obvious answer is
'use disco' but we don't have that yet, or client support either.
> And I believe that the browse function is not a bug, but an explicit
Its a feature in as far as the current conference code has no concept of
admin users. As far as it is concerned, everyone is equal. It may not be
what is expected, but people have come to use and rely on it.
Email: dsutton at legend.co.uk
Jabber: peregrine at legend.net.uk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 232 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/standards/attachments/20020919/dcc845d9/attachment.pgp
More information about the Standards-JIG