[JDEV] Groupchat and "secrets"
jens at mac.com
jens at mac.com
Wed Apr 25 19:30:48 CDT 2001
So I'm in the thick of implementing groupchat/conferencing in my client.
Thanks to temas for pointing me to the latest docs so I didn't keep
working off of the obsolete stuff in the JPG!
My current head-scratcher is: the person creating a chat room can set a
"secret" or password that's required to join the room. However, there
doesn't seem to be any way in the protocol for a client being invited to
the chat room to be told what the password is. As far as I can tell the
only way is to go roundabout through the people involved, i.e. the
inviter adds "the password is froolap" to the invitation message, and
the receiver then has to read that and type "froolap" into a dialog box
when accepting the invitation. Kind of awkward. Or did I miss something?
I'm also not entirely happy with the security of a shared password,
especially for a chat room that might be more-or-less permanent. As soon
as someone spills the beans (or eavesdrops on someone joining the chat),
the security of the room is compromised. Have there been any proposals
for better security? For example, a simple improvement would be one-time
passwords: the server makes up a different secret for every invitation
and stuffs it in the invitation. The invitee has to echo the secret.
Speaking of longevity of chat rooms, do they disappear when the last
person leaves? If not, how do you get rid of one?
As always, thanks ...
--Jens
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 1424 bytes
Desc: not available
URL: <https://www.jabber.org/jdev/attachments/20010425/327ad76d/attachment-0002.bin>
More information about the JDev
mailing list