Peter Saint-Andre wrote:
Matt Ford wrote:
Hi All,
Implementation vs standards.
It seems, at least on jabber.org, that I as an owner of password
protected room can access it without using a password.
I must admit that I haven't tested password-protected rooms in a long
time. IMHO members-only rooms perform the same function in a more secure
fashion.
At the expense of owner administration...
The spec however suggests that I should not be able to
I suppose it is possible that ejabberd exempts the room owner from this
check.
Have you tested by creating a password-protected room and then trying to
join from another account?
Yep. Seems that ejabberd (assuming that is what jabber.org runs) does
indeed exempt it. This at the moment looks to me to be breaking the spec.
The question is "is it sensible?" should the spec change or is it a bug
in ejabberd?
/psa
