Hi,
I'm looking to communicate with my website visitors in real time.
Ideally if they send me a message it will appear in my jabber client.
I have thought of a way to construct a 'naive' version:
- Use a BOSH connection manager (like Punjab) and a JS library (like
Strophe)
- Use a single JID for all visitors, say 'webu...@mydomain.com' but
have a different resource for each visitor
- In the JID buddy list for webu...@mydomain.com, have my personal JID
added. So when a user sends me a message, it is sent to my usual
client. Because each webuser has a unique resource, sending back to
the same user is handled fine.
In order for this to happen, the JS front end would need the password
for webu...@mydomain.com. This is why I call this the 'naive' method.
With this password a malicious user can log in using a standard
client, remove me from it's buddy list, or add others to its buddy
list, change the password, etc...
Is there a better way than this naive version that avoids giving
visitors a method to 'mess up' the 'webuser' account?
Michal.
--
To unsubscribe send a mail to jabberd2+unsubscr...@lists.xiaoka.com
