[Standards-JIG] proto-JEP: Smart Presence Distribution
melo at co.sapo.pt
Thu May 18 14:06:36 UTC 2006
On May 18, 2006, at 2:00 AM, Matthias Wimmer wrote:
> Pedro Melo wrote:
>>> Even if all servers involved correctly follow protocol, there is
>>> absolutly NO garantuee that someone I do not want to send my
>>> presence to will not end up receiving it.
>> This is only true if someone bypasses the current protocol and
>> adds your jid to his roster, correct?
>> So this would only happen if:
>> - that user that wants your presence has direct access to the
>> database where the roster information is stored;
>> - or the entire server is compromised in terms of security and
>> the user can install forwarding rules.
>> I think that you would agree that if a server follows the current
>> XMPP spec in full, a normal user cannot add your JID to his
>> roster, correct?
> AFAIK a normal user can mess up his own roster as much as he wants
> by just using a set iq in the jabber:iq:roster namespace.
But he cannot change the subscription type of my contact without me
sending him a presence subscribed.
HIId: Pedro Melo
SMTP: melo at co.sapo.pt
XMPP: pedro.melo at sapo.pt
More information about the Standards