Am 09.12.2009 um 16:17 schrieb Michael Grigutsch:
I don't see a big problem in this, as the account either was never
used or was not in use for over a year.
Well, I see a big problem with it. A big security problem!
Imagine the user has owner status in a MUC. Now that JID gets auto-
delted. Someone re-registers that JID and got owner in the MUC and
could hijack it. Imagine that user has been gone for years, and nobody
remembers him. But know someone DOES remember him suddenly, registers
the JID that user had and takes over the MUC. Same applies for PubSub
etc.
--
Jonathan
