[Operators] Remove old unused accounts?
js-xmpp-operators at webkeks.org
Thu Dec 10 16:36:00 CST 2009
Am 10.12.2009 um 19:10 schrieb Peter Saint-Andre:
> What policy do you enforce at the big public IM service you run?
Remove the user and blacklist it. Keep the JID and e-mail address in
another table so that user can reregister if he can prove he owns that
> People who run MUC rooms need to monitor who the owners are. If I
> run a
> room, I regularly check the owners and admins. And if someone starts
> behave strangely, I change their privileges. And remember that very
> people are owners or admins in MUC rooms in the first place.
> That said, there is a minor security concern here. MUC rooms and
> nodes could garbage-collect owners and admins/publishers, just as core
> XMPP services do. This is another reason to put such entities in the
> user's roster.
Well, it can happen that a MUC only has two owners. One of them does
not exist anymore and the other one is too busy to check the owners
regularily. Someone could hijack the room and even drop it.
For PubSub, one could publish stuff under that JID after it has been
deleted. The user may have gotten inactive and may still own PubSub
node that others are subscribed to. Someone now can impersonate this
person who got inactive.
Yet another thing that can happen: Transports that are still
registered, because they did not need subscribing to the roster. IRC
Gateways for example that store the users credentials and only login
when the user joins a channel. Or JUD services. The user registered in
some remote JUD, the JID is dropped, someone else removes it, the
original owner who registered at the JUD can't unregister now.
I'm pretty sure there are even more bad things that could happen that
I can't think of now.
Blocking a username after it has been deleted and only allowing the
original owner to reregister it sounds like a sane idea to me.
Especially as the list of banned usernames and their e-mail adresses
can be kept in a separate table or even database and only needs to be
checked when a new user account is registered, so it should not slow
down the system noticably.
More information about the Operators