[JDEV] new password
Todd Bradley
TBradley at jabber.com
Fri Mar 2 15:03:09 CST 2001
I don't understand the necessity. You wouldn't
be having this conversation with the server in the
first place if you (the Jabber client) didn't
already provide the correct (old) password.
> -----Original Message-----
> From: Greg Wong [mailto:greg.wong at plumtree.com]
> Sent: Friday, March 02, 2001 1:46 PM
> To: 'jdev at jabber.org'
> Subject: [JDEV] new password
>
>
> To change password:
>
> <iq type="set" id="blahblah" to="##your_jabber_server"><query
> xmlns="jabber:iq:register"><username>##your_user_name</usernam
> e><password>##
> new_password</password></query></iq>
>
> Note: there is no check on the old password here.
> It would be good practice to make that check on the client
> side so as not to
> be able to hack into another person's account.
>
> Is there a was (server code change) to add in an
> <oldpassword> field as a
> security measure?
>
> greg
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
>
More information about the JDev
mailing list