[standards-jig] gateway handling of legacy contact lists
cbas at rhymbox.com
Tue Dec 16 23:30:51 UTC 2003
Matthias Wimmer wrote:
>Sebastiaan Deckers schrieb am 2003-12-16 22:08:23:
>>>If it's just a portion, how do you denote that?
>>Only roster items of which the host portion of their address equals the
>>service's address. For example: someone at yahoo.example.com
>Then the admin of example.com gets access to all your roster items that
>belong to users on example.com.
No, only if the server "example.com" is an item in the person's roster.
The admin of example.com would only have access to the contacts
"... at yahoo.example.com".
That is not a security hole -- it is common sense.
>>That is the way it has always been, is it not?
>Nope. Transports never had real access to your roster. Some transports
>are only using a security hole in jabberd14.
More information about the Standards