Yes - I heard jabber.org administrators disabled IBR, but could you explain what was the reason for that (or just send link where can I find more details about the issue with IBR they were experiencing)? I think that only high performance/stability issues could be occasion for CAPTCHA registration implementation.
-- Peter Viskup On Thu, Nov 19, 2009 at 4:07 AM, Peter Saint-Andre <[email protected]>wrote: > On 11/18/09 4:29 PM, Peter Viskup wrote: > > What does your expression - 'uncontrolled registration' - mean? > > What is the definition of 'controlled registration'? > > How do you check if the jabber server has 'controlled registration'? > > > > On our jabber.sk server everybody can register account with any length > > and any characters the server (piece of software) is supporting. Is that > > something what means 'uncontrolled registration'? > > Is something wrong (not following not well known 'best practices') on > > that configuration of public server? > > Good question. I'll answer based on my experience at the jabber.org > service: I think that by "uncontrolled registration" he means in-band > registration ("IBR", XEP-0077) without CAPTCHA forms (XEP-0158). A > service could also allow uncontrolled registration via the web but that > might be more difficult to test. At the jabber.org service we turned off > IBR perhaps a year ago, in favor of web registration with CAPTCHAs. No, > it's not perfect, but it seems to be less liable to attack (or at least > automated registration by malicious bots). > > /psa >
