[Juser] Transport add contacts to roster

Florian Lindner mailinglists at xgm.de
Mon Feb 21 11:07:31 CST 2005


Am Montag, 21. Februar 2005 13:57 schrieb Peter Saint-Andre:
> On Sat, Feb 19, 2005 at 05:58:18PM -0300, Florian Lindner wrote:
> > is the jabber.org server currently allowing transports I subscribed to to
> > add contacts to my roster?
>
> AFAIK, this is not disallowed by jabberd 1.4.2cvs, which is the
> session manager that jabber.org uses. The "legacy" transports used
> this "feature" to add people to your roster using a presence packet
> of type 'subscribed'. See JEP-0100 for details:
>
> http://www.jabber.org/jeps/jep-0100.html
>
> > If yes: Why? I would consider that a security flaw...
>
> This behavior is forbidden by RFC 3921, but jabberd 1.4.2cvs is not
> XMPP-compliant in this respect. When we finally get an XMPP-compliant
> server at jabber.org (hopefully soon), then this behavior will not be
> allowed.

What server are you planning migrating to?

Florian



More information about the JUser mailing list