[JDEV] Querying Rosters...

Peter Saint-Andre stpeter at jabber.org
Thu Apr 25 12:44:17 CDT 2002 

It doesn't matter what to address you put on this iq chunk, you will
always get your own roster (i.e., the roster of the sending entity). From
addresses are essentially ignored (they are supplied by the server to
prevent spoofing), which is why the from address on the iq reply is
you at yourhost/currentresource (in your case, veer at ip/Winjab -- I admit this
is kind of confusing). You could refer to the source code if you want to
see the specific logic. I'm sure that JSM just takes the "from" address on
the iq get and makes that the "to" address on the iq reply, but the reply
is actually sent to the sending entity.

Peter

--
Peter Saint-Andre
email+jabber: stpeter at jabber.org
weblog: http://www.saint-andre.com/blog/

On Thu, 25 Apr 2002, Ritu Khetan wrote:

> hey! I am highly confused. I guess you are right. I
> tried it again and this time it sent the user\'s roster
> rather than the buddy\'s roster.
> The packet that came back was quite weird though..as the
> to and from jids did not get switched..
> It looked like this..
> 
> Send:
> <iq type=\"get\" id=\"\" to=\"ritu at 192.168.2.58\"
> from=\"veer at 192.168.2.58\">
> <query xmlns=\"jabber:iq:roster\"/>
> </iq>
> 
> Recv:
> <iq type=\'result\' id=\'\' to=\'ritu at 192.168.2.58\'
> from=\'veer at 192.168.2.58/Winjab\'>
> <query xmlns=\'jabber:iq:roster\'><item
> jid=\'cvsmsg at 192.168.2.58\' name=\'cvsmsg\'
> subscription=\'both\'><group>My
> Resources</group></item><item jid=\'ritu1 at 192.168.2.58\'
> name=\'ritu1\' subscription=\'both\'/></query></iq>
>  
> Anyways, sorry for the inconvenience caused.
> No offenses please.
> 
> Am still wondering why the \"to\" jid appears ritu at .. even
> though the packet came to veer at ....??
> 
> Regards,
> Ritu
> Quoting Peter Saint-Andre <stpeter at jabber.org>:
> 
> > We have been developing and using Jabber for well over
> three years and no
> > one has ever seen or reported this behavior. Please
> provide a test case.
> >
> > Peter
> >
> > --
> > Peter Saint-Andre
> > email+jabber: stpeter at jabber.org
> > weblog: http://www.saint-andre.com/blog/
> >
> > Ritu Khetan wrote:
> >
> > > I just found out that it is possible for users to
> > > query each other rosters which would reveal the buddy
> > > list of the respective user.
> > > I feel this is highly unfavorable as people do not wish
> > > to share their buddy lists with others.
> > > Further, as rosters (esp. this part) are managed by the
> > > server, clients cannot afford to play with them by
> > > qualifying them by a private namespace.
> > > Are there any ideas on how we can take care of this? Is
> > > any work being done on this in the next version of
> Jabber?
> >
> >
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev
> > 
> 
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
>

More information about the JDev mailing list