It seems that the Jabber server does nothing to prevent users from querying the contents of private namespaces of other users.

If user A has set data in a private ns "test:private", user B can get at that data by issuing the following info query:

    <iq to="A@server" type="get" id="blah"><query xmlns="test:private"/></iq>

User B will get back whatever is in that ns.

Is this by design?!? It seems like a major security hole to me.
--------------------
Ben Piercey Voice IM Software Designer Nuance Communications Ottawa, Canada.
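
Added example, not part of the original post and not the Jabber server's own code: a sketch of the owner check a server would need before answering the query above. The store layout, the function names and the session JIDs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Constructed sample data: owner's bare JID -> {private namespace: stored payload}
PRIVATE_STORE = {
    "A@server": {"test:private": '<query xmlns="test:private"><note>secret</note></query>'},
}

def bare_jid(jid):
    # Drop the resource part; real servers also apply stringprep normalization.
    return jid.split("/", 1)[0]

def reply(iq_id, iq_type, body=""):
    return "<iq type=%s id=%s>%s</iq>" % (quoteattr(iq_type), quoteattr(iq_id), body)

def handle_private_get(stanza_xml, session_jid):
    """Answer an iq 'get' on a private namespace (hypothetical handler).

    session_jid is the JID the server authenticated for this connection;
    the stanza's own 'from' attribute is client-supplied and is ignored.
    """
    iq = ET.fromstring(stanza_xml)
    iq_id = iq.get("id", "")
    if iq.tag != "iq" or iq.get("type") != "get" or len(iq) != 1:
        return reply(iq_id, "error", '<error code="400">Bad Request</error>')
    tag = iq[0].tag
    namespace = tag[1:].split("}", 1)[0] if tag.startswith("{") else ""
    requester = bare_jid(session_jid)
    # No 'to' means the request targets the requester's own account.
    owner = bare_jid(iq.get("to") or session_jid)
    # Owner check comes before the lookup, so the reply to another user is
    # the same whether or not the namespace exists (no existence oracle).
    if owner != requester:
        return reply(iq_id, "error", '<error code="403">Forbidden</error>')
    stored = PRIVATE_STORE.get(owner, {}).get(namespace)
    if stored is None:
        # Nothing stored yet: answer the owner with an empty element.
        stored = "<query xmlns=%s/>" % quoteattr(namespace)
    return reply(iq_id, "result", stored)

# The query from the post, as a standalone stanza.
POST_QUERY = '<iq to="A@server" type="get" id="blah"><query xmlns="test:private"/></iq>'

if __name__ == "__main__":
    print(handle_private_get(POST_QUERY, "B@server/home"))  # other user
    print(handle_private_get(POST_QUERY, "A@server/work"))  # owner
```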
