[Standards-JIG] proto-JEP: Smart Presence Distribution

Pedro Melo melo at co.sapo.pt
Thu May 18 14:06:36 UTC 2006


Hi,

On May 18, 2006, at 2:00 AM, Matthias Wimmer wrote:
> Pedro Melo wrote:
>>
>>> Even if all servers involved correctly follow protocol, there is  
>>> absolutly NO garantuee that someone I do not want to send my  
>>> presence to will not end up receiving it.
>>
>> This is only true if someone bypasses the current protocol and  
>> adds your jid to his roster, correct?
>>
>> So this would only happen if:
>>  - that user that wants your presence has direct access to the  
>> database where the roster information is stored;
>>  - or the entire server is compromised in terms of security and  
>> the user can install forwarding rules.
>>
>> I think that you would agree that if a server follows the current  
>> XMPP spec in full, a normal user cannot add your JID to his  
>> roster, correct?
> AFAIK a normal user can mess up his own roster as much as he wants  
> by just using a set iq in the jabber:iq:roster namespace.

But he cannot change the subscription type of my contact without me  
sending him a presence subscribed.

Best regards,
--
HIId: Pedro Melo
SMTP: melo at co.sapo.pt
XMPP: pedro.melo at sapo.pt




More information about the Standards mailing list