[standards-jig] gateway handling of legacy contact lists

Sebastiaan Deckers cbas at rhymbox.com
Tue Dec 16 23:30:51 UTC 2003


Matthias Wimmer wrote:

>Hi Sebastiaan!
>
>Sebastiaan Deckers wrote on 2003-12-16 22:08:23:
>
>>>If it's just a portion, how do you denote that?
>>>
>>Only roster items of which the host portion of their address equals the 
>>service's address.  For example: someone at yahoo.example.com
>>
>
>Then the admin of example.com gets access to all your roster items that
>belong to users on example.com.
>
No, only if the server "example.com" is an item in the person's roster.
The admin of example.com would only have access to the contacts 
"... at yahoo.example.com".
That is not a security hole -- it is common sense.

>>That is the way it has always been, is it not?
>>
>
>Nope. Transports never had real access to your roster. Some transports
>are only using a security hole in jabberd14.
>
>
>See you
>    Matthias
>
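
The scoping rule described in the reply above, as an added example that is not part of the original message or of any Jabber server's code: a service is handed roster items only if it is itself an item in the roster, and then only items whose host portion equals its address exactly. `split_jid`, `items_for_service` and the sample roster are hypothetical names and constructed data.

```python
from typing import List, Optional, Tuple

# Constructed sample roster (not from the thread).
SAMPLE_ROSTER = [
    "yahoo.example.com",             # the gateway's own roster entry
    "alice@yahoo.example.com",
    "Bob@YAHOO.example.com",
    "carol@example.com",
    "dave@msn.example.com",
    "mallory@notyahoo.example.com",
]


def split_jid(jid: str) -> Tuple[Optional[str], str]:
    """Return (node, host) of a JID, ignoring any /resource part."""
    bare = jid.split("/", 1)[0]
    node, sep, host = bare.partition("@")
    if not sep:                      # bare domain such as "yahoo.example.com"
        node, host = None, bare
    host = host.rstrip(".").lower()  # host comparison is case-insensitive
    if not host:
        raise ValueError(f"JID has no host part: {jid!r}")
    return node, host


def items_for_service(service: str, roster: List[str]) -> List[str]:
    """Roster items that a gateway at `service` may be handed."""
    _, service_host = split_jid(service)
    parsed = [(item, *split_jid(item)) for item in roster]
    # Condition 1: the service must itself be an item in the roster.
    if not any(node is None and host == service_host
               for _, node, host in parsed):
        return []
    # Condition 2: exact host equality, never a suffix or substring match,
    # so "example.com" does not pick up "...@yahoo.example.com" contacts.
    return [item for item, node, host in parsed
            if node is not None and host == service_host]


if __name__ == "__main__":
    for svc in ("yahoo.example.com", "example.com", "msn.example.com"):
        print(svc, "->", items_for_service(svc, SAMPLE_ROSTER))
```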
