Hi! I see problems in the way unregistering an account is handled. If an account is unregistered, this account is dropped by the Jabber server but none of the transports a user has registered is notified about that (and it wouldn't even be easily possible, as the server does not know which contact list entries are transports and the transports could even be just removed from the roster). The result is that another person can register for the same account and use the former user's transport without reregistering and without knowing the password used to register the accounts. With some transports the new user can even retrieve the password that was used to register the transport.
I think this should be fixed, but it might require that the server knows
which roster items are transports. (This knowledge could be used for
other things like Contact-Import as well.) The server could then
unregister all transports if an account is deregistered or if the
transport is removed from the roster.
It would also be possible that not the server but the client takes care
of this, and that the client unregisters all transports before removing
them or before unregistering the account. While this might be a good
idea, I think the server should still take care of this as well.
See you
Matthias
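The problem described in the message above, and the server-side cleanup it proposes, as a small model. This is an added example, not code from the original message or from any Jabber server; the class names, the `cleanup` switch and the JIDs are hypothetical, and it assumes the server is told which JIDs are transports.

```python
class Transport:
    """Gateway storing legacy-network credentials keyed by the user's bare JID."""
    def __init__(self, jid):
        self.jid = jid
        self.registrations = {}          # bare JID -> (legacy login, legacy password)

    def register(self, user, login, password):
        self.registrations[user] = (login, password)

    def unregister(self, user):
        self.registrations.pop(user, None)


class Server:
    """Server that knows which JIDs are transports (assumption from the message)."""
    def __init__(self, transports, cleanup):
        self.transports = {t.jid: t for t in transports}
        self.cleanup = cleanup           # False = behaviour described, True = proposed fix
        self.rosters = {}                # bare JID -> set of roster item JIDs

    def register_account(self, user):
        if user in self.rosters:
            raise ValueError("account exists")
        self.rosters[user] = set()

    def add_roster_item(self, user, item):
        self.rosters[user].add(item)

    def remove_roster_item(self, user, item):
        self.rosters[user].discard(item)
        if self.cleanup and item in self.transports:
            self.transports[item].unregister(user)   # removing a transport unregisters it

    def unregister_account(self, user):
        roster = self.rosters.pop(user)
        if self.cleanup:
            for item in self.transports.keys() & roster:
                self.transports[item].unregister(user)


def stale_registration_survives(cleanup):
    """Return True if a re-registered JID inherits the old transport registration."""
    gw = Transport("icq.example.org")                 # constructed sample JIDs
    srv = Server([gw], cleanup)
    srv.register_account("alice@example.org")
    srv.add_roster_item("alice@example.org", gw.jid)
    gw.register("alice@example.org", "legacy-login", "legacy-secret")
    srv.unregister_account("alice@example.org")       # original owner leaves
    srv.register_account("alice@example.org")         # someone else takes the JID
    return "alice@example.org" in gw.registrations
```
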
