[JDEV] Probing presence from component

Mike Prince mike at mikeprince.com
Tue Jun 3 01:11:45 CDT 2003


From the corner of my brain I remember adding my component's name to the
admin section of jabber.xml.  Perhaps if you look through the source of
JabberD you'll see who gets special privileges and how that affects
probe requests.

In case you want to try it, the mod of jabber.xml looks like:

<jabber>
...
	<service id="sessions">
	...
		<jsm xmlns="jabber:config:jsm">
		...
			<admin>
				<read>componentname</read>
				...

Again, for my system none of the users needed to have my component in
their roster.  (Yes, that would be a pain :)

Good luck,

Mike

> -----Original Message-----
> From: jdev-admin at jabber.org [mailto:jdev-admin at jabber.org] On 
> Behalf Of Fabrice Desré
> Sent: Monday, June 02, 2003 9:49 AM
> To: jdev at jabber.org
> Subject: Re: [JDEV] Probing presence from component
> 
> 
> Joe Hildebrand wrote:
> > Yep.  Since allowing access to this information from an unauthorized
> > source would be a security hole, the server blocks presence probes
> > from people not on the probee's roster as "both" or "from".
> 
> Ok, but I think that an external component can be considered secure
> enough to access this information. With the actual behaviour, you end up
> with roster entries only devoted to presence probing - not really useful.
> 
> > You could add a JSM module that allowed certain JIDs to bypass this 
> > restriction, and place it above mod_presence.
> 
>   This is just what I wanted to avoid... A config switch (like the admin
> properties) would be better.
> 
> 	Fabrice
> -- 
> Fabrice Desré
> France Télécom R&D/DTL/TAL
> Tél: +(33) (0)2 96 05 31 43
> Fax: +(33) (0)2 96 05 39 45
> http://www.francetelecom.com/rd
> 
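
An added example, not part of the original message and not jabberd code: a short Python audit that lists which JIDs appear in the <admin><read> section shown above and separates user JIDs from bare domains such as a component name. The sample config, its JIDs and the function names are constructed for illustration; only the element nesting and the jsm namespace come from the message.

```python
import xml.etree.ElementTree as ET

JSM_NS = "jabber:config:jsm"  # namespace shown on the <jsm> element in the message

# Constructed sample config following the fragment in the message;
# the JIDs and the second service are made up for this example.
SAMPLE_CONFIG = """\
<jabber>
  <service id="sessions">
    <jsm xmlns="jabber:config:jsm">
      <admin>
        <read>admin@example.org</read>
        <read>componentname</read>
        <read>  </read>
      </admin>
    </jsm>
  </service>
  <service id="other">
    <jsm xmlns="jabber:config:jsm">
      <admin><read>ignored@example.org</read></admin>
    </jsm>
  </service>
</jabber>
"""

def admin_read_jids(config_text, service_id="sessions"):
    """Return the JIDs listed in <admin><read> of the given service's JSM config."""
    root = ET.fromstring(config_text)
    # <jsm> declares a default namespace, so <admin> and <read> inherit it.
    path = "{%s}jsm/{%s}admin/{%s}read" % (JSM_NS, JSM_NS, JSM_NS)
    jids = []
    for service in root.findall("service"):
        if service.get("id") != service_id:
            continue
        for read in service.findall(path):
            jid = (read.text or "").strip()
            if jid:  # skip empty entries
                jids.append(jid)
    return jids

def classify(jids):
    """Split entries into user JIDs (node@domain) and bare domains such as components."""
    users = [j for j in jids if "@" in j.split("/", 1)[0]]
    domains = [j for j in jids if "@" not in j.split("/", 1)[0]]
    return {"users": users, "domains": domains}

if __name__ == "__main__":
    print(classify(admin_read_jids(SAMPLE_CONFIG)))
```

Each entry in the "domains" list is a whole component or server address holding admin read access, so it is worth checking against the components actually deployed.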