[Standards-JIG] JEP-0033 isn't implementable as external
component according to JEP-0114
Tobias Markmann
tmarkmann at googlemail.com
Wed Aug 9 09:19:13 CDT 2006
>
> Given that an external component is trusted to write 'from'
> addresses for any user at the component's hostname, server
> administrators SHOULD make sure that they in fact do trust the
> omponent software.
That's sounds to me like:
1. Don't allow to connect untrusted components.
2. The trusted components are only allowed to change from addresses
for any user at the component's hostame.
When a component is untrusted you shouldn't allow that to connect to your
server. And if it's trusted you can allow it to do anything what allows XMPP
RFCs, not only changing the from addresses for any user at the component's
hostname.
On 8/9/06, Peter Saint-Andre <stpeter at jabber.org> wrote:
>
> Tobias Markmann wrote:
> > okay...i already figured that out but i don't know any server which
> > allows that...i heard that you can hack jabberd's connection manager to
> > do so but the s2s component of it won't let the message pass through.
>
> That sounds like a server bug to me, please report it appropriately. :-)
>
> > Maybe the trusted and untrusted part needs to be integrated in a more
> > explicit way into JEP-0114.
>
> If server developers are confused about what that means, please ask them
> to speak up on this list. It's pretty clear to me, but then I wrote the
> words...
>
> Peter
>
> --
> Peter Saint-Andre
> Jabber Software Foundation
> http://www.jabber.org/people/stpeter.shtml
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/standards/attachments/20060809/3e30a720/attachment.htm
More information about the Standards-JIG
mailing list