[Security] Unsubscribe on Userdelete (Was: [Standards] Password protected rooms)

Alexander Gnauck gnauck at ag-software.de
Fri Feb 13 04:52:19 CST 2009


> Thats an very interesting point - in many respects. Two more examples:
> - I have a service with many users from other servers subscribed.
>  As there is no unsubscribe if the user has been deleted, I have many
>  "zombie"-subscription. I can only check the subscriptions from my own
>  server if the accounts still exist. And even that is not so easy.
> - A friend subscribed my presence. He was some time in hospital, so I never
>  noticed, that his account was deleted on the server (due to inactivity?).
>  As the jid came back online I wrote him gladly, how he is after the
>  surgery...   I realised very late, that the account was now new assigned.

I had a similar problem when I unregistered my jabber.org account by error
with a beta version of a client. The subscription was out of sync, and
still is for
many of my contacts, because server don't route my subscription requests.
The only solution is to delete the contact on both sides and subscribe again.

> I see only the solution, that there has to be an unsubscribe-request to
> every contact in the roster of an user if that user is going to be deleted.

right, this is how it should (MUST) be done.

Alex

--
Alexander Gnauck
http://www.ag-software.de
xmpp:gnauck at jabber.org


More information about the Security mailing list