[standards-jig] UPDATED AGAIN: Multi-User Chat, v. 0.4

David Sutton jabber at dsutton.legend.uk.com
Thu Sep 19 22:22:51 UTC 2002

Hi all,

On Thu, Sep 19, 2002 at 03:15:07PM -0600, David Waite wrote:
> Peter Saint-Andre wrote:
> >The existing IQ browse is a security hole and a bug. A useful bug, but a
> >bug nonetheless.
> >
> >The admin will always be able to get the real JID.
> > 
> >
> Which admin - the Room admin, or a Server admin? I would argue that 
> creating the room is not sufficient for a user to be able to override my 
> privacy settings.
I've been discussing some of this on the jdev channel. Firstly, the
iq:browse is more implementation-specific than JEP-specific. The
implementation would have to have the concept of server admins.

Regarding a room, this is a grey area in that a user should be careful
before connecting to a room, but at this time, there isn't a strong
method of remotely querying a room's capabilities. The obvious answer is
'use disco' but we don't have that yet, or client support either.
> And I believe that the browse function is not a bug, but an explicit 
> feature.
It's a feature insofar as the current conference code has no concept of
admin users. As far as it is concerned, everyone is equal. It may not be
what is expected, but people have come to use and rely on it.


David Sutton
Email: dsutton at legend.co.uk
Jabber: peregrine at legend.net.uk