[jdev] Re: How can I verify the JID validity?

Alexey Nezhdanov snake at penza-gsm.ru
Thu Mar 17 02:46:02 CST 2005

В сообщении от Четверг 17 Март 2005 10:39 George Hazan написал(a):
>    Hello, Alexey!
>    Thu, 17 Mar 2005 08:19:25 +0300 you wrote:
> >> Yes, just to verify the user input, but without trying to add a contact
> >> into my contact list. I dunno if the word 'addable' exists, but it
> >> describes what I want pretty good :)
> AN> Generally such info should be considered security-sensitive so server
> AN> (at least server with in-band registration turned off) should not
> AN> present such info.
> But why? I'm a registered user, entered a valid password. I don't try to
> list users or hack their data, I use the fully qualified JID to obtain the
> info that user wanted to publish himself.
That's another story. User published this data on his own will. But simply 
trying subsequently all possible names can be used for compiling SPIM-list.

> AN> BTW even the servers with opened IBR presening such info in different
> AN> formats.
> It's not so important for this task, I just chech a "type" attr to be an
> "error" or a "result". But still any ideas how to do that on another way
> are appreciated.
I was writing about <iq type='get' to='someuser'><query 

Alexey Nezhdanov

More information about the JDev mailing list