[Operators] Remove old unused accounts?
Jonathan Schleifer
js-xmpp-operators at webkeks.org
Wed Dec 9 11:20:05 CST 2009
On 09.12.2009 at 16:17, Michael Grigutsch wrote:
> I don't see a big problem in this, as the account either was never
> used or was not in use for over a year.
Well, I see a big problem with it. A big security problem!
Imagine the user has owner status in a MUC. Now that JID gets
auto-deleted. Someone re-registers that JID and gets owner in the MUC and
could hijack it. Imagine that user has been gone for years, and nobody
remembers him. But now someone DOES remember him suddenly, registers
the JID that user had and takes over the MUC. Same applies for PubSub
etc.
--
Jonathan
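
A pre-deletion audit for the JID re-registration risk raised in this message, as an added example that is not part of the original post or of any XMPP server's code. It assumes the operator can export MUC and PubSub affiliations as tuples; the function names, JIDs and node names are hypothetical and the sample data is constructed.

```python
# Added illustration: decide which inactive accounts can be freed for
# re-registration and which must be tombstoned (deleted, name kept reserved)
# because the bare JID still holds rights in a MUC room or PubSub node.

# Affiliations from XEP-0045 (MUC) and XEP-0060 (PubSub) that grant control.
PRIVILEGED = {"owner", "admin", "publisher"}

def bare(jid):
    """Strip the resource and lowercase (simplified; servers apply stringprep)."""
    return jid.split("/", 1)[0].lower()

def plan_purge(inactive, grants):
    """grants: iterable of (service, node, jid, affiliation) tuples.

    Returns (release, tombstone): release is a list of JIDs that hold no
    privileged affiliation; tombstone maps JID -> list of rights still held.
    """
    held = {}
    for service, node, jid, affiliation in grants:
        if affiliation in PRIVILEGED:
            held.setdefault(bare(jid), []).append((service, node, affiliation))
    release, tombstone = [], {}
    for jid in sorted({bare(j) for j in inactive}):
        if jid in held:
            tombstone[jid] = held[jid]   # revoke these or keep the name reserved
        else:
            release.append(jid)
    return release, tombstone

def may_register(jid, tombstone):
    """Registration check: a tombstoned bare JID cannot be claimed again."""
    return bare(jid) not in tombstone

# Constructed sample data (hypothetical accounts, rooms and nodes).
INACTIVE = ["alice@example.org", "bob@example.org", "carol@example.org"]
GRANTS = [
    ("muc", "ops@conference.example.org", "Alice@example.org/laptop", "owner"),
    ("muc", "ops@conference.example.org", "bob@example.org", "member"),
    ("pubsub", "news", "carol@example.org", "publisher"),
    ("muc", "dev@conference.example.org", "dave@example.org", "owner"),
]

if __name__ == "__main__":
    release, tombstone = plan_purge(INACTIVE, GRANTS)
    print("free for re-registration:", release)
    for jid, rights in tombstone.items():
        print("keep reserved:", jid, rights)
```

Affiliations held on other servers' rooms and nodes are not visible to a local audit like this one, so it only covers services the operator can export from.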