[Standards] Password protected rooms
dave at cridland.net
Thu Feb 12 11:11:32 UTC 2009
On Wed Feb 11 15:08:41 2009, Matthew Wild wrote:
> On Wed, Feb 11, 2009 at 3:01 PM, Jonathan Schleifer
> <js-xmpp-standards at webkeks.org> wrote:
> > Just a reason NOT to require a PW for the owner: Some admin might
> > changed it and now the owner can't join the room anymore or
> change it back.
> That same admin could simply remove the owner from the owner list
> and be done :)
Actually, as far as I can tell, nothing mandates that an owner cannot
change the password without joining the room, since room
configuration doesn't require you to have joined the room either.
Since changing the password therefore doesn't require the old
password, I wonder if the requirement to have the password makes much
sense, on reflection.
> This single issue aside however, I do think that the total lack of
> way to track which services a JID is affiliated with is scary. This
> affects transports/gateways, MUCs, etc. Are roster subscriptions
> cancelled on account removal?
Well, they should be, assuming the server is aware of the removal -
however, the server might well not be - if a user is simply removed
from, say, the LDAP directory it's using, there's no way a server is
likely to know.
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the Standards