[JDEV] Querying of private namespaces
Ben Piercey
ben.piercey at nuance.com
Tue Nov 13 08:50:03 CST 2001
It seems that the jabber server does nothing to prevent users from
querying the contents of private namespaces of other users.
If user A has set data in a private ns "test:private", user B can
get at that data by issuing the following info query:
<iq to="A@server" type="get" id="blah"><query xmlns="test:private"/></iq>
User B will get back whatever is in that ns.
Is this by design?!? It seems like a major security hole to me.
--------------------
Ben Piercey
Voice IM Software Designer
Nuance Communications
Ottawa, Canada.
www.nuance.com
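
An added example (not part of the original message, and not the Jabber server's own code): one way a server could enforce owner-only access to a namespace it treats as private, refusing the query quoted above when the authenticated sender's bare JID differs from the "to" address. The function names, the PRIVATE_NAMESPACES set, the sender JIDs and the 403 error reply are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: the namespaces this server treats as owner-only storage.
PRIVATE_NAMESPACES = {"test:private"}

# Constructed sample: the query from the message, as sent by user B.
SAMPLE_QUERY = ('<iq to="A@server" type="get" id="blah">'
                '<query xmlns="test:private"/></iq>')

def bare_jid(jid):
    """Drop the resource and fold case (simplified JID normalisation)."""
    return jid.split("/", 1)[0].lower()

def authorize_iq(stanza_xml, sender_jid):
    """Decide whether an <iq/> from the authenticated sender_jid may proceed.

    Returns (allowed, error_reply); error_reply is None when allowed.
    """
    iq = ET.fromstring(stanza_xml)
    child = next(iter(iq), None)
    if iq.tag != "iq" or iq.get("type") not in ("get", "set") or child is None:
        return True, None
    # ElementTree spells a namespaced tag as "{namespace}localname".
    ns = child.tag[1:].split("}", 1)[0] if child.tag.startswith("{") else ""
    if ns not in PRIVATE_NAMESPACES:
        return True, None
    target = iq.get("to")
    # No "to" means the sender's own storage; otherwise the bare JIDs must match.
    if not target or bare_jid(target) == bare_jid(sender_jid):
        return True, None
    err = ET.Element("iq", {"type": "error", "to": sender_jid, "from": target})
    if iq.get("id"):
        err.set("id", iq.get("id"))
    ET.SubElement(err, "error", {"code": "403"}).text = "Forbidden"
    return False, ET.tostring(err, encoding="unicode")

if __name__ == "__main__":
    print(authorize_iq(SAMPLE_QUERY, "B@server/work"))   # denied with an error reply
    print(authorize_iq(SAMPLE_QUERY, "A@server/home"))   # owner: allowed
```

The sender JID must come from the authenticated session, never from a "from" attribute supplied in the stanza.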