[Operators] Remove old unused accounts?
tux at limun.org
Thu Dec 10 16:50:36 CST 2009
On Thursday, 10 December 2009 23:36:00, Jonathan Schleifer wrote:
> On 10.12.2009 at 19:10, Peter Saint-Andre wrote:
> > What policy do you enforce at the big public IM service you run?
> Remove the user and blacklist it. Keep the JID and e-mail address in
> another table so that user can reregister if he can prove he owns that
> e-mail address.
> > People who run MUC rooms need to monitor who the owners are. If I
> > run a room, I regularly check the owners and admins. And if someone
> > starts to behave strangely, I change their privileges. And remember
> > that very few people are owners or admins in MUC rooms in the first
> > place.
> > That said, there is a minor security concern here. MUC rooms and
> > PubSub nodes could garbage-collect owners and admins/publishers, just
> > as core XMPP services do. This is another reason to put such entities
> > in the user's roster.
> Well, it can happen that a MUC only has two owners. One of them does
> not exist anymore and the other one is too busy to check the owners
> regularly. Someone could hijack the room and even drop it.
> For PubSub, one could publish stuff under that JID after it has been
> deleted. The user may have gotten inactive and may still own PubSub
> node that others are subscribed to. Someone now can impersonate this
> person who got inactive.
> Yet another thing that can happen: Transports that are still
> registered, because they did not need subscribing to the roster. IRC
> gateways for example that store the users' credentials and only log in
> when the user joins a channel. Or JUD services. The user registered in
> some remote JUD, the JID is dropped, someone else removes it, the
> original owner who registered at the JUD can't unregister now.
> I'm pretty sure there are even more bad things that could happen that
> I can't think of now.
> Blocking a username after it has been deleted and only allowing the
> original owner to reregister it sounds like a sane idea to me.
> Especially as the list of banned usernames and their e-mail addresses
> can be kept in a separate table or even database and only needs to be
> checked when a new user account is registered, so it should not slow
> down the system noticeably.
It clearly does sound like a sane idea. This would solve the problem of having
multiple users use the same JID after it was deleted. But think of Jabber
accounts that were created, used for a short time and then left lying around on
the server. This includes unnecessarily created accounts and so on. However it
is defined, on most public services there are many Jabber accounts just lying
around, unused. This makes it impossible for someone who would really like to
use the same JID to register it, as he does not have the e-mail address.
In short, there won't be two different people using the same Jabber account,
regardless of the fact that there may be "garbage" accounts that are not
really used. This makes it impossible to get the JID, even for the people who
would really use it.
A captcha could prevent a number of "garbage" accounts, but it is not 100%
foolproof. Anyone can still create accounts and not use them.
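The registration check discussed in this thread (a separate table of deleted JIDs and their e-mail addresses, consulted only when a new account is registered, with re-registration allowed only to the former owner), as an added illustration that is not code from the list or from any XMPP server; the class and method names, the `email_verified` flag and the sample domain are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class AccountRegistry:
    """Live accounts keyed by JID localpart, plus a separate 'tombstone'
    table of deleted localparts and the e-mail they were registered with."""
    domain: str
    accounts: dict = field(default_factory=dict)    # localpart -> e-mail
    tombstones: dict = field(default_factory=dict)  # localpart -> former owner's e-mail

    def jid(self, localpart: str) -> str:
        return f"{localpart}@{self.domain}"

    def register(self, localpart: str, email: str, email_verified: bool = False):
        """Create an account. Returns (ok, jid_or_reason).

        A tombstoned localpart may only be re-registered by someone who has
        proved control of the e-mail address it was deleted with (the
        `email_verified` flag stands in for whatever proof the service uses)."""
        email = email.strip().lower()
        # An unused but never-deleted account is not in the tombstone table,
        # yet still blocks the localpart for everyone, which is the objection
        # raised in the reply above.
        if localpart in self.accounts:
            return False, "JID already registered"
        former = self.tombstones.get(localpart)
        if former is not None:
            if not (email_verified and email == former):
                return False, "JID reserved for its former owner"
            del self.tombstones[localpart]  # owner proved control of the address
        self.accounts[localpart] = email
        return True, self.jid(localpart)

    def remove(self, localpart: str) -> bool:
        """Delete the account but remember localpart + e-mail so that nobody
        else can take the JID over. Only this table is checked at registration,
        so the cost is one dictionary lookup per new account."""
        email = self.accounts.pop(localpart, None)
        if email is None:
            return False
        self.tombstones[localpart] = email
        return True
```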