[Juser] Transport add contacts to roster
stpeter at jabber.org
Mon Feb 21 10:57:28 CST 2005
On Sat, Feb 19, 2005 at 05:58:18PM -0300, Florian Lindner wrote:
> is the jabber.org server currently allowing transports I subscribed to to add
> contacts to my roster?
AFAIK, this is not disallowed by jabberd 1.4.2cvs, which is the
session manager that jabber.org uses. The "legacy" transports used
this "feature" to add people to your roster using a presence packet
of type 'subscribed'. See JEP-0100 for details:
> If yes: Why? I would consider that a security flaw...
This behavior is forbidden by RFC 3921, but jabberd 1.4.2cvs is not
XMPP-compliant in this respect. When we finally get an XMPP-compliant
server at jabber.org (hopefully soon), then this behavior will not be
More information about the JUser