[Standards] Password protected rooms

Matt Ford matt at dancingfrog.co.uk
Mon Feb 9 13:33:13 UTC 2009


Peter Saint-Andre wrote:
> Matt Ford wrote:
>   
>> Hi All,
>>
>> Implementation vs standards.
>>
>> It seems, at least on jabber.org, that I as an owner of password
>> protected room can access it without using a password.
>>     
>
> I must admit that I haven't tested password-protected rooms in a long
> time. IMHO members-only rooms perform the same function in a more secure
> fashion.
>   
At the expense of owner administration...
>   
>> The spec however suggests that I should not be able to
>>     
>
> I suppose it is possible that ejabberd exempts the room owner from this
> check.
>
> Have you tested by creating a password-protected room and then trying to
> join from another account?
>   
Yep. Seems that ejabberd (assuming that is what jabber.org runs) does 
indeed exempt it.  This at the moment looks to me to be breaking the spec. 

The question is "is it sensible?" should the spec change or is it a bug 
in ejabberd?
> /psa
>
>   




More information about the Standards mailing list