[standards-jig] UPDATED AGAIN: Multi-User Chat, v. 0.4

Peter Saint-Andre stpeter at jabber.org
Thu Sep 19 19:22:02 UTC 2002


The existing IQ browse is a security hole and a bug. A useful bug, but a
bug nonetheless.

The admin will always be able to get the real JID.

Peter

--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.html

On Thu, 19 Sep 2002, Klaus H. Wolf wrote:

> About requesting the real ID.
> 
> Example 38. Room Admin Requests Real JID
> 
>   <iq type='set' to='room at service' id='whois'/>
>     <x xmlns='jabber:gc:admin'>
>       <whois>someloser</whois>
>     </x>
>   </iq>
> 
> Does this replace the existing <iq-browse to the user-resource of the room?
> 
> Which is:
> 
>   <iq type='get' to='room at service/someloser'>
>     <query xmlns='jabber:iq:browse'/>
>   </iq>
> 
> Which curently returns:
> 
>   <iq type='result' from='room at service/someloser'>
>     <user xmlns='jabber:iq:browse' name='someloser'>
>       <user jid='realuser at realserver/realresource'/>
>     </user>
>   </iq>
> 
> Will the admin be able to get the real JID even if the user switched on the
> <privacy/>?
> 
> --
> Dr. Klaus H. Wolf
> bluehands GmbH & Co.mmunication KG
> http://www.bluehands.de/people/hw
> +49 (0721) 16108 75
> 
> > -----Original Message-----
> > From: standards-jig-admin at jabber.org
> > [mailto:standards-jig-admin at jabber.org]On Behalf Of Peter Saint-Andre
> > Sent: Thursday, September 19, 2002 6:30 AM
> > To: standards-jig at jabber.org
> > Subject: [standards-jig] UPDATED AGAIN: Multi-User Chat, v. 0.4
> >
> >
> > I have just released version 0.4 of the multi-user chat JEP. This contains
> > some major changes, including:
> >
> > 1. Removed that /kick and /ban junk, what a hack!
> >
> > 2. Added protocol for including participant privileges (admin and voice)
> > in presence updates.
> >
> > 3. Added use cases for granting/revoking voice and approving/denying
> > messages held for approval in moderated rooms.
> >
> > 4. A few other niceties.
> >
> > I think this is now getting to be fairly complete and even (*gasp*) worth
> > considering in a serious manner. I will probably release a 0.4.1 version
> > by about 18:00 UTC tomorrow in order to address a few minor points, so
> > keep those cards and letters coming! :)
> >
> > http://www.jabber.org/jeps/jep-0045.html
> >
> > Peter
> >
> > --
> > Peter Saint-Andre
> > Jabber Software Foundation
> > http://www.jabber.org/people/stpeter.html
> >
> > _______________________________________________
> > Standards-JIG mailing list
> > Standards-JIG at jabber.org
> > http://mailman.jabber.org/listinfo/standards-jig
> >
> 
> 
> _______________________________________________
> Standards-JIG mailing list
> Standards-JIG at jabber.org
> http://mailman.jabber.org/listinfo/standards-jig
> 




More information about the Standards mailing list