[Standards] Password protected rooms

Matthew Wild mwild1 at gmail.com
Wed Feb 11 15:08:41 UTC 2009


On Wed, Feb 11, 2009 at 3:01 PM, Jonathan Schleifer
<js-xmpp-standards at webkeks.org> wrote:
> Just a reason NOT to require a PW for the owner: Some admin might have
> changed it and now the owner can't join the room anymore or change it back.
>

That same admin could simply remove the owner from the owner list and be done :)

This single issue aside however, I do think that the total lack of any
way to track which services a JID is affiliated with is scary. This
affects transports/gateways, MUCs, etc. Are roster subscriptions even
cancelled on account removal?

The hardest case to cover is that of a server going down, and coming
back up with an empty user database. It is a flaw in our otherwise
secure identity. Perhaps it isn't seen as worth solving though? (I
have seen little discussion of this problem to date)

Matthew.


