[Standards-JIG] proto-JEP: Smart Presence Distribution
m at tthias.eu
Thu May 18 01:00:51 UTC 2006
Pedro Melo wrote:
>> Even if all servers involved correctly follow protocol, there is
>> absolutly NO garantuee that someone I do not want to send my presence
>> to will not end up receiving it.
> This is only true if someone bypasses the current protocol and adds
> your jid to his roster, correct?
> So this would only happen if:
> - that user that wants your presence has direct access to the
> database where the roster information is stored;
> - or the entire server is compromised in terms of security and the
> user can install forwarding rules.
> I think that you would agree that if a server follows the current XMPP
> spec in full, a normal user cannot add your JID to his roster, correct?
AFAIK a normal user can mess up his own roster as much as he wants by
just using a set iq in the jabber:iq:roster namespace.
More information about the Standards