Re: [Standards] Password protected rooms

2009-02-13 Thread Philipp Hancke
Matthew Wild wrote: This single issue aside however, I do think that the total lack of any way to track which services a JID is affiliated with is scary. This affects transports/gateways, MUCs, etc. Are roster subscriptions even cancelled on account removal? jabberd does that (since 2005).

Re: [Standards] Password protected rooms

2009-02-12 Thread Dave Cridland
On Wed Feb 11 18:45:34 2009, Justin Karneges wrote: There are quite many XMPP services (bots and such) that you authenticate with just by JID. Why would those things be okay, but MUC is somehow more secure and requires a password? Well, yes - in a perfect world, we'd sign stanzas with

Re: [Standards] Password protected rooms

2009-02-12 Thread Pavel Simerda
On Wed, 11 Feb 2009 10:45:34 -0800 Justin Karneges justin-keyword-jabber.093...@affinix.com wrote: On Wednesday 11 February 2009 05:06:24 Kevin Smith wrote: On Wed, Feb 11, 2009 at 12:58 PM, Kurt Zeilenga kurt.zeile...@isode.com wrote: I'm thinking more about a non-compromised server

Re: [Standards] Password protected rooms

2009-02-12 Thread Dave Cridland
On Wed Feb 11 15:08:41 2009, Matthew Wild wrote: On Wed, Feb 11, 2009 at 3:01 PM, Jonathan Schleifer js-xmpp-standa...@webkeks.org wrote: Just a reason NOT to require a PW for the owner: Some admin might have changed it and now the owner can't join the room anymore or change it back.

Re: [Standards] Password protected rooms

2009-02-11 Thread Kurt Zeilenga
On Feb 10, 2009, at 11:25 PM, Kevin Smith wrote: On Tue, Feb 10, 2009 at 11:02 PM, Kurt Zeilenga kurt.zeile...@isode.com wrote: It seems not so sensible when the admin happens to be authenticating directly to the server hosting the chatroom. But for the case where the administrator

Re: [Standards] Password protected rooms

2009-02-11 Thread Kevin Smith
On Wed, Feb 11, 2009 at 12:58 PM, Kurt Zeilenga kurt.zeile...@isode.com wrote: I'm thinking more about a non-compromised server case, but just the case of poor administrative practices. Ok, I follow, thanks. Given that, maybe keeping password requirements on all affiliations is sensible. /K

Re: [Standards] Password protected rooms

2009-02-11 Thread Dave Cridland
On Wed Feb 11 13:06:24 2009, Kevin Smith wrote: On Wed, Feb 11, 2009 at 12:58 PM, Kurt Zeilenga kurt.zeile...@isode.com wrote: I'm thinking more about a non-compromised server case, but just the case of poor administrative practices. Ok, I follow, thanks. Given that, maybe keeping password

Re: [Standards] Password protected rooms

2009-02-11 Thread Matt Ford
Dave Cridland wrote: On Wed Feb 11 13:06:24 2009, Kevin Smith wrote: On Wed, Feb 11, 2009 at 12:58 PM, Kurt Zeilenga kurt.zeile...@isode.com wrote: I'm thinking more about a non-compromised server case, but just the case of poor administrative practices. Ok, I follow, thanks. Given that,

Re: [Standards] Password protected rooms

2009-02-11 Thread Pavel Simerda
On Wed, 11 Feb 2009 04:58:01 -0800 Kurt Zeilenga kurt.zeile...@isode.com wrote: On Feb 10, 2009, at 11:25 PM, Kevin Smith wrote: On Tue, Feb 10, 2009 at 11:02 PM, Kurt Zeilenga kurt.zeile...@isode.com wrote: It seems not so sensible when the admin happens to be authenticating

Re: [Standards] Password protected rooms

2009-02-11 Thread Jonathan Schleifer
Just a reason NOT to require a PW for the owner: Some admin might have changed it and now the owner can't join the room anymore or change it back. -- Jonathan

Re: [Standards] Password protected rooms

2009-02-11 Thread Matthew Wild
On Wed, Feb 11, 2009 at 3:01 PM, Jonathan Schleifer js-xmpp-standa...@webkeks.org wrote: Just a reason NOT to require a PW for the owner: Some admin might have changed it and now the owner can't join the room anymore or change it back. That same admin could simply remove the owner from the

Re: [Standards] Password protected rooms

2009-02-11 Thread Kevin Smith
On Wed, Feb 11, 2009 at 3:08 PM, Matthew Wild mwi...@gmail.com wrote: This single issue aside however, I do think that the total lack of any way to track which services a JID is affiliated with is scary. This affects transports/gateways, MUCs, etc. Are roster subscriptions even cancelled on

Re: [Standards] Password protected rooms

2009-02-11 Thread Justin Karneges
On Wednesday 11 February 2009 05:06:24 Kevin Smith wrote: On Wed, Feb 11, 2009 at 12:58 PM, Kurt Zeilenga kurt.zeile...@isode.com wrote: I'm thinking more about a non-compromised server case, but just the case of poor administrative practices. Ok, I follow, thanks. Given that, maybe keeping

Re: [Standards] Password protected rooms

2009-02-11 Thread Jonathan Schleifer
On 11.02.2009 at 16:08, Matthew Wild wrote: That same admin could simply remove the owner from the owner list and be done :) Nope, at least in ejabberd, an admin can't take it from an owner IIRC ;). -- Jonathan

Re: [Standards] Password protected rooms

2009-02-11 Thread Peter Saint-Andre
Jonathan Schleifer wrote: On 11.02.2009 at 16:08, Matthew Wild wrote: That same admin could simply remove the owner from the owner list and be done :) Nope, at least in ejabberd, an admin can't take it from an owner IIRC ;). The service-wide admin, not the room admin. /psa

Re: [Standards] Password protected rooms

2009-02-11 Thread Waqas Hussain
On Thu, Feb 12, 2009 at 12:25 AM, Jonathan Schleifer js-xmpp-standa...@webkeks.org wrote: On 11.02.2009 at 16:08, Matthew Wild wrote: That same admin could simply remove the owner from the owner list and be done :) Nope, at least in ejabberd, an admin can't take it from an owner IIRC ;).

Re: [Standards] Password protected rooms

2009-02-10 Thread Kurt Zeilenga
On Feb 9, 2009, at 5:40 AM, Kevin Smith wrote: On Mon, Feb 9, 2009 at 1:33 PM, Matt Ford m...@dancingfrog.co.uk wrote: The question is: is it sensible? Should the spec change or is it a bug in ejabberd? It's both - it's a bug in ejabberd that it doesn't follow the spec, and it's a bug in

Re: [Standards] Password protected rooms

2009-02-10 Thread Kevin Smith
On Tue, Feb 10, 2009 at 11:02 PM, Kurt Zeilenga kurt.zeile...@isode.com wrote: It seems not so sensible when the admin happens to be authenticating directly to the server hosting the chatroom. But for the case where the administrator authenticates elsewhere, possibly to a server under separate

Re: [Standards] Password protected rooms

2009-02-09 Thread Matt Ford
Peter Saint-Andre wrote: Matt Ford wrote: Hi All, Implementation vs standards. It seems, at least on jabber.org, that I as an owner of a password-protected room can access it without using a password. I must admit that I haven't tested password-protected rooms in a long time. IMHO

Re: [Standards] Password protected rooms

2009-02-09 Thread Kevin Smith
On Mon, Feb 9, 2009 at 1:33 PM, Matt Ford m...@dancingfrog.co.uk wrote: The question is: is it sensible? Should the spec change or is it a bug in ejabberd? It's both - it's a bug in ejabberd that it doesn't follow the spec, and it's a bug in the spec because that's not sensible :) The spec

Re: [Standards] Password protected rooms

2009-02-09 Thread Michael Grigutsch
Kevin Smith wrote: On Mon, Feb 9, 2009 at 1:33 PM, Matt Ford m...@dancingfrog.co.uk wrote: The question is: is it sensible? Should the spec change or is it a bug in ejabberd? It's both - it's a bug in ejabberd that it doesn't follow the spec, and it's a bug in the spec because that's not

[Standards] Password protected rooms

2009-02-07 Thread Matt Ford
Hi All, Implementation vs standards. It seems, at least on jabber.org, that I as an owner of a password-protected room can access it without using a password. The spec however suggests that I should not be able to http://xmpp.org/extensions/xep-0045.html#enter-pw (assuming that an owner counts

Re: [Standards] Password protected rooms

2009-02-07 Thread Peter Saint-Andre
Matt Ford wrote: Hi All, Implementation vs standards. It seems, at least on jabber.org, that I as an owner of a password-protected room can access it without using a password. I must admit that I haven't tested password-protected rooms in a long time. IMHO members-only rooms perform the