[Operators] Remove old unused accounts?

Jonathan Schleifer js-xmpp-operators at webkeks.org
Thu Dec 10 16:36:00 CST 2009


On 10.12.2009 at 19:10, Peter Saint-Andre wrote:

> What policy do you enforce at the big public IM service you run?

Remove the user and blacklist it. Keep the JID and e-mail address in  
another table so that user can reregister if he can prove he owns that  
e-mail address.

> People who run MUC rooms need to monitor who the owners are. If I
> run a room, I regularly check the owners and admins. And if someone
> starts to behave strangely, I change their privileges. And remember
> that very few people are owners or admins in MUC rooms in the first
> place.
>
> That said, there is a minor security concern here. MUC rooms and
> PubSub nodes could garbage-collect owners and admins/publishers, just
> as core XMPP services do. This is another reason to put such entities
> in the user's roster.

Well, it can happen that a MUC only has two owners. One of them does
not exist anymore and the other one is too busy to check the owners
regularly. Someone could hijack the room and even drop it.

For PubSub, one could publish stuff under that JID after it has been  
deleted. The user may have gotten inactive and may still own PubSub  
node that others are subscribed to. Someone now can impersonate this  
person who got inactive.

Yet another thing that can happen: Transports that are still
registered, because they did not need subscribing to the roster. IRC
gateways for example that store the user's credentials and only log in
when the user joins a channel. Or JUD services. The user registered in
some remote JUD, the JID is dropped, someone else removes it, the
original owner who registered at the JUD can't unregister now.

I'm pretty sure there are even more bad things that could happen that  
I can't think of now.

Blocking a username after it has been deleted and only allowing the
original owner to reregister it sounds like a sane idea to me.
Especially as the list of banned usernames and their e-mail addresses
can be kept in a separate table or even database and only needs to be
checked when a new user account is registered, so it should not slow
down the system noticeably.

--
Jonathan
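The deletion-plus-reservation policy described in this message (delete the account, keep the JID and e-mail address in a separate table, and let only someone who proves ownership of that address register the name again), as an added worked example. This is illustrative code written for this page, not Jonathan's implementation or any XMPP server's registration module; the `Registry` class, its return codes and the token-based reclaim flow are assumptions, and the e-mail delivery step is represented by returning the token instead of sending it.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Tombstone:
    """Row in the separate 'reserved names' table kept after deletion."""
    jid: str
    email: str                      # address on file when the account was deleted
    token: Optional[str] = None     # single-use reclaim proof, None until requested


class Registry:
    """Constructed example of an account store with a reserved-name table."""

    def __init__(self) -> None:
        self.active: Dict[str, str] = {}          # jid -> registered e-mail
        self.tombstones: Dict[str, Tombstone] = {}  # jid -> Tombstone (the separate table)

    @staticmethod
    def _norm(value: str) -> str:
        # JIDs and e-mail local parts are compared case-insensitively here
        # (assumption for the example; real servers apply stringprep/PRECIS).
        return value.strip().lower()

    def register(self, jid: str, email: str, token: Optional[str] = None) -> str:
        """Create an account. Returns 'ok', 'exists' or 'reserved'.

        The tombstone table is consulted only on this code path, so the
        cost of the policy is one lookup per new registration.
        """
        jid, email = self._norm(jid), self._norm(email)
        if jid in self.active:
            return "exists"
        stone = self.tombstones.get(jid)
        if stone is not None:
            # Name was deleted earlier: only a valid, unexpired reclaim token
            # tied to the e-mail on file unlocks it. Constant-time compare
            # keeps the token check from leaking by timing.
            proven = (
                stone.token is not None
                and token is not None
                and hmac.compare_digest(stone.token, token)
                and self._norm(stone.email) == email
            )
            if not proven:
                return "reserved"
            del self.tombstones[jid]
        self.active[jid] = email
        return "ok"

    def delete(self, jid: str) -> bool:
        """Remove the account and move its JID/e-mail pair to the tombstone table."""
        jid = self._norm(jid)
        email = self.active.pop(jid, None)
        if email is None:
            return False
        self.tombstones[jid] = Tombstone(jid=jid, email=email)
        return True

    def request_reclaim(self, jid: str, claimed_email: str) -> Optional[str]:
        """Start the proof-of-ownership step for a reserved name.

        In a deployment the token is mailed to the address on file and never
        handed to the requester; here it is returned so the flow can be run
        offline. Returning None for both 'unknown name' and 'wrong address'
        avoids telling a caller which of the two it was.
        """
        jid = self._norm(jid)
        stone = self.tombstones.get(jid)
        if stone is None or self._norm(stone.email) != self._norm(claimed_email):
            return None
        stone.token = secrets.token_urlsafe(32)   # fresh single-use token
        return stone.token


if __name__ == "__main__":
    reg = Registry()
    reg.register("alice@example.org", "alice@mail.example")
    reg.delete("alice@example.org")
    print(reg.register("alice@example.org", "mallory@mail.example"))   # reserved
    t = reg.request_reclaim("alice@example.org", "alice@mail.example")
    print(reg.register("alice@example.org", "alice@mail.example", token=t))  # ok
```

The point of the structure is the one the message makes: the tombstone table is touched only by `delete` and `register`, so the rest of the server (roster, MUC, PubSub, transports) never pays for it, while a stranger who asks for a deleted name gets `reserved` and the original owner can still get the name back after answering the mailed token.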


