On 11/18/09 4:29 PM, Peter Viskup wrote:
> What does your expression - 'uncontrolled registration' - mean?
> What is the definition of 'controlled registration'?
> How do you check if the jabber server has 'controlled registration'?
>
> On our jabber.sk server everybody can register account with any length
> and any characters the server (piece of software) is supporting. Is that
> something what means 'uncontrolled registration'?
> Is something wrong (not following not well known 'best practices') on
> that configuration of public server?

Good question. I'll answer based on my experience at the jabber.org
service: I think that by "uncontrolled registration" he means in-band
registration ("IBR", XEP-0077) without CAPTCHA forms (XEP-0158). A
service could also allow uncontrolled registration via the web but that
might be more difficult to test. At the jabber.org service we turned off
IBR perhaps a year ago, in favor of web registration with CAPTCHAs. No,
it's not perfect, but it seems to be less liable to attack (or at least
automated registration by malicious bots).
/psa
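
Added example, not part of the original message or of any server's code: one way an operator could check their own service for the condition described above, by classifying the stream features and the XEP-0077 registration form the server returns. The stanzas are constructed samples; the function names and result labels are hypothetical.

```python
import xml.etree.ElementTree as ET

NS_FEATURE = "http://jabber.org/features/iq-register"  # XEP-0077 stream feature
NS_REGISTER = "jabber:iq:register"                      # XEP-0077 query namespace
NS_DATA = "jabber:x:data"                               # XEP-0004 data forms
CAPTCHA_FORM_TYPE = "urn:xmpp:captcha"                  # XEP-0158 FORM_TYPE value

def advertises_ibr(features_xml):
    """True if <stream:features/> carries the XEP-0077 <register/> child.
    Advertising is optional, so absence alone is not conclusive."""
    root = ET.fromstring(features_xml)
    return root.find(f"{{{NS_FEATURE}}}register") is not None

def form_has_captcha(iq_xml):
    """True if the registration query embeds a data form typed as a CAPTCHA."""
    query = ET.fromstring(iq_xml).find(f"{{{NS_REGISTER}}}query")
    if query is None:
        return False
    for field in query.iter(f"{{{NS_DATA}}}field"):
        if field.get("var") == "FORM_TYPE":
            values = [v.text for v in field.findall(f"{{{NS_DATA}}}value")]
            if CAPTCHA_FORM_TYPE in values:
                return True
    return False

def classify(features_xml, iq_xml=None):
    """Label a server from its features and its reply to an IBR form request."""
    if iq_xml is None:
        return "ibr-advertised" if advertises_ibr(features_xml) else "ibr-not-advertised"
    if ET.fromstring(iq_xml).get("type") == "error":
        return "ibr-refused"
    return "ibr-with-captcha" if form_has_captcha(iq_xml) else "ibr-uncontrolled"

# Constructed sample stanzas (not captured from any real server).
FEATURES_IBR = ("<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
                "<register xmlns='http://jabber.org/features/iq-register'/>"
                "</stream:features>")
FEATURES_NONE = "<stream:features xmlns:stream='http://etherx.jabber.org/streams'/>"
FORM_PLAIN = ("<iq type='result' id='reg1'><query xmlns='jabber:iq:register'>"
              "<username/><password/></query></iq>")
FORM_CAPTCHA = ("<iq type='result' id='reg1'><query xmlns='jabber:iq:register'>"
                "<x xmlns='jabber:x:data' type='form'>"
                "<field type='hidden' var='FORM_TYPE'><value>urn:xmpp:captcha</value></field>"
                "<field var='ocr'/></x></query></iq>")
IQ_ERROR = "<iq type='error' id='reg1'><query xmlns='jabber:iq:register'/></iq>"

if __name__ == "__main__":
    for name, iq in (("plain", FORM_PLAIN), ("captcha", FORM_CAPTCHA), ("error", IQ_ERROR)):
        print(name, classify(FEATURES_IBR, iq))
```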
