[Standards-JIG] proto-JEP: Smart Presence Distribution

Matthias Wimmer m at tthias.eu
Thu May 18 01:00:51 UTC 2006


Hi Pedro!

Pedro Melo wrote:
>
>> Even if all servers involved correctly follow protocol, there is 
>> absolutly NO garantuee that someone I do not want to send my presence 
>> to will not end up receiving it.
>
> This is only true if someone bypasses the current protocol and adds 
> your jid to his roster, correct?
>
> So this would only happen if:
>  - that user that wants your presence has direct access to the 
> database where the roster information is stored;
>  - or the entire server is compromised in terms of security and the 
> user can install forwarding rules.
>
> I think that you would agree that if a server follows the current XMPP 
> spec in full, a normal user cannot add your JID to his roster, correct?
AFAIK a normal user can mess up his own roster as much as he wants by 
just using a set iq in the jabber:iq:roster namespace.


Tot kijk
     Matthias



More information about the Standards mailing list